1*5afab0e5SDag-Erling Smørgrav1.8.3 2022-08-15 2*5afab0e5SDag-Erling Smørgrav * bugfix #183: Assertion failure with OPT record without rdata. 3*5afab0e5SDag-Erling Smørgrav This caused packet creation with only a DO bit (for DNSSEC OK) 4*5afab0e5SDag-Erling Smørgrav to crash. Thanks Anand Buddhdev and others for reporting this 5*5afab0e5SDag-Erling Smørgrav so quickly. 6*5afab0e5SDag-Erling Smørgrav * Fix for syntax error in pyldns 7*5afab0e5SDag-Erling Smørgrav 8*5afab0e5SDag-Erling Smørgrav1.8.2 2022-08-12 9*5afab0e5SDag-Erling Smørgrav * bugfix #147: Allow for tabs in whitespace before quoted rdata 10*5afab0e5SDag-Erling Smørgrav fields. Thanks Felipe Gasper 11*5afab0e5SDag-Erling Smørgrav * bugfix #149: Add some missing [out] annotations to doxygen 12*5afab0e5SDag-Erling Smørgrav parameters. Thanks aldot. 13*5afab0e5SDag-Erling Smørgrav * Fix build error on Solaris 10 with inet_ntop redeclaration error. 14*5afab0e5SDag-Erling Smørgrav * Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan 15*5afab0e5SDag-Erling Smørgrav * Enable compile of SVCB and HTTPS support by default. 16*5afab0e5SDag-Erling Smørgrav * bugfix #179: Free line memory even if zone file parsing fails 17*5afab0e5SDag-Erling Smørgrav Thanks Claudius Zingerli 18*5afab0e5SDag-Erling Smørgrav * bugfix #166: Grow buffer when writing chars and fixed size 19*5afab0e5SDag-Erling Smørgrav strings when converting to presentation format, preventing 20*5afab0e5SDag-Erling Smørgrav potential assersion errors. 21*5afab0e5SDag-Erling Smørgrav * bugfix #46: Print network errors when secure tracing. 22*5afab0e5SDag-Erling Smørgrav Thanks reedjc 23*5afab0e5SDag-Erling Smørgrav * EDNS0 Option handling and conversion into presentation format. 24*5afab0e5SDag-Erling Smørgrav * bugfix #145: ldns-verify-zone should not call occluded records 25*5afab0e5SDag-Erling Smørgrav glue. Thanks Habbie 26*5afab0e5SDag-Erling Smørgrav 27*5afab0e5SDag-Erling Smørgrav1.8.1 2021-12-03 28*5afab0e5SDag-Erling Smørgrav * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname 29*5afab0e5SDag-Erling Smørgrav needs to larger. Thanks Leah Neukirchen & Felipe Gasper 30*5afab0e5SDag-Erling Smørgrav * Undo PR#123 fix ldns.pc installation when building out-of-source 31*5afab0e5SDag-Erling Smørgrav Thanks Axel Xu 32*5afab0e5SDag-Erling Smørgrav 33*5afab0e5SDag-Erling Smørgrav1.8.0 2021-11-26 34*5afab0e5SDag-Erling Smørgrav * bugfix #38: Print "line" before line number when printing 35*5afab0e5SDag-Erling Smørgrav zone parse errors. Thanks Petr Špaček. 36*5afab0e5SDag-Erling Smørgrav * bugfix: Revert unused variables in ldns-config removal patch. 37*5afab0e5SDag-Erling Smørgrav * bugfix #50: heap Out-of-bound Read vulnerability in 38*5afab0e5SDag-Erling Smørgrav rr_frm_str_internal reported by pokerfacett. 39*5afab0e5SDag-Erling Smørgrav * bugfix #51: Heap Out-of-bound Read vulnerability in 40*5afab0e5SDag-Erling Smørgrav ldns_nsec3_salt_data reported by pokerfacett. 41*5afab0e5SDag-Erling Smørgrav * Fix memory leak in examples/ldns-testns handle_tcp routine. 42*5afab0e5SDag-Erling Smørgrav * Detect fixed time memory compare for openssl 0.9.8. 43*5afab0e5SDag-Erling Smørgrav * Fix compile warning by variable initialisation for older gcc. 44*5afab0e5SDag-Erling Smørgrav * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not 45*5afab0e5SDag-Erling Smørgrav available on tvOS. 46*5afab0e5SDag-Erling Smørgrav * Fix for #93: fix packaging/libldns.pc Makefile rule. 47*5afab0e5SDag-Erling Smørgrav * ZONEMD support in ldns-signzone and ldns-verify-zone 48*5afab0e5SDag-Erling Smørgrav * ldns-testns can answer several queries over one tcp connection, 49*5afab0e5SDag-Erling Smørgrav if they arrive within 100msec of each other. 50*5afab0e5SDag-Erling Smørgrav * Fix so that ldns-testns does not leak sockets if the read fails. 51*5afab0e5SDag-Erling Smørgrav * SVCB and HTTPS draft rrtypes. 52*5afab0e5SDag-Erling Smørgrav Enable with --enable-rrtype-svcb-https. 53*5afab0e5SDag-Erling Smørgrav * bugfix #117: Assertion failure with DNSSEC validating of 54*5afab0e5SDag-Erling Smørgrav non existence of RR types at the root. Thanks ZjYwMj 55*5afab0e5SDag-Erling Smørgrav * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA 56*5afab0e5SDag-Erling Smørgrav record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl 57*5afab0e5SDag-Erling Smørgrav * bugfix #119: Let example tools read longer RR's than 58*5afab0e5SDag-Erling Smørgrav LDNS_MAX_LINELEN 59*5afab0e5SDag-Erling Smørgrav * Add SVCPARAMS to python ldns_rdf_type2str function. 60*5afab0e5SDag-Erling Smørgrav * PR #134 Miscellaneous spelling fixes. Thanks jsoref! 61*5afab0e5SDag-Erling Smørgrav * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return 62*5afab0e5SDag-Erling Smørgrav the $INCLUDE not implemented error. 63*5afab0e5SDag-Erling Smørgrav * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line 64*5afab0e5SDag-Erling Smørgrav number for an empty line after a comment. 65*5afab0e5SDag-Erling Smørgrav * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. 66*5afab0e5SDag-Erling Smørgrav * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname 67*5afab0e5SDag-Erling Smørgrav compression optional when converting packets to wire format. 68*5afab0e5SDag-Erling Smørgrav Thanks Eli Lindsey 69*5afab0e5SDag-Erling Smørgrav * Option to ldns-keygen to create symlinks with known names 70*5afab0e5SDag-Erling Smørgrav (i.e. without the key id) to the created files. 71*5afab0e5SDag-Erling Smørgrav Thanks Andreas Schulze 72*5afab0e5SDag-Erling Smørgrav * Fix #121: Correct handling of centimetres by LOC parser. 73*5afab0e5SDag-Erling Smørgrav Thanks Felipe Gasper 74*5afab0e5SDag-Erling Smørgrav * PR #126: Link with libldns.la in Makefile.in. 75*5afab0e5SDag-Erling Smørgrav Thanks orbea 76*5afab0e5SDag-Erling Smørgrav * PR #127: Added option -Q to drill to give short answer. 77*5afab0e5SDag-Erling Smørgrav Thanks niknah 78*5afab0e5SDag-Erling Smørgrav * PR #133: Update m4 files for python modules. 79*5afab0e5SDag-Erling Smørgrav Thanks Petr Menšík 80*5afab0e5SDag-Erling Smørgrav * Bufix CAA value fields may be empty: Thanks Robert Mortimer 81*5afab0e5SDag-Erling Smørgrav * PR #108: Fix for ldns-compare-zones net detecting when first zone 82*5afab0e5SDag-Erling Smørgrav has a RRset that shrinks from two to one RRs, or grows from one 83*5afab0e5SDag-Erling Smørgrav to two RRs. Thanks Emilio Caballero 84*5afab0e5SDag-Erling Smørgrav * Fix #131: Drill sig chasing breaks with gcc-11 and 85*5afab0e5SDag-Erling Smørgrav strict-aliasing. Thanks Stanislav Levin 86*5afab0e5SDag-Erling Smørgrav * Fix #130: Unless $TLL is defined, ttl defaults to the last 87*5afab0e5SDag-Erling Smørgrav explicitly stated value. Thanks Benno 88*5afab0e5SDag-Erling Smørgrav * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc 89*5afab0e5SDag-Erling Smørgrav * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 90*5afab0e5SDag-Erling Smørgrav Thanks Daniel J. Luke 91*5afab0e5SDag-Erling Smørgrav * Let ldns-signzone warn for high NSEC3 iteration counts. 92*5afab0e5SDag-Erling Smørgrav Thanks Andreas Schulze 93*5afab0e5SDag-Erling Smørgrav 94*5afab0e5SDag-Erling Smørgrav1.7.1 2019-07-26 95*5afab0e5SDag-Erling Smørgrav * bugfix: Manage verification paths for OpenSSL >= 1.1.0 96*5afab0e5SDag-Erling Smørgrav Thanks Marco Davids 97*5afab0e5SDag-Erling Smørgrav * bugfix #4106: find the SDK on MacOS X <= 10.6 98*5afab0e5SDag-Erling Smørgrav Thanks Bill Cole 99*5afab0e5SDag-Erling Smørgrav * bugfix #4155: ldns-config contains never used variables 100*5afab0e5SDag-Erling Smørgrav Thanks Petr Menšík 101*5afab0e5SDag-Erling Smørgrav * bugfix #4221: drill -x crashes with malformed IPv4 address 102*5afab0e5SDag-Erling Smørgrav Thanks Oleksandr Tymoshenko 103*5afab0e5SDag-Erling Smørgrav * bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK 104*5afab0e5SDag-Erling Smørgrav Thanks Tony Finch 105*5afab0e5SDag-Erling Smørgrav * bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences 106*5afab0e5SDag-Erling Smørgrav Thanks Bill Parker 107*5afab0e5SDag-Erling Smørgrav * bugfix #1260: Anticipate strchr returning NULL on unfound char 108*5afab0e5SDag-Erling Smørgrav Thanks Stephan Zeisberg 109*5afab0e5SDag-Erling Smørgrav * bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232) 110*5afab0e5SDag-Erling Smørgrav Thanks Stephan Zeisberg 111*5afab0e5SDag-Erling Smørgrav * bugfix #1256: Check parse limit before t increment (CVE-2017-1000231) 112*5afab0e5SDag-Erling Smørgrav Thanks Stephan Zeisberg 113*5afab0e5SDag-Erling Smørgrav * bugfix #1245: Only one signature per RRset needs to be valid with 114*5afab0e5SDag-Erling Smørgrav ldns-verify-zone. Thanks Emil Natan. 115*5afab0e5SDag-Erling Smørgrav * ldns-notify can use all supported hash algorithms with -y. 116*5afab0e5SDag-Erling Smørgrav * bugfix #1209: make install ldns.pc file 117*5afab0e5SDag-Erling Smørgrav Thanks Oleksandr Natalenko 118*5afab0e5SDag-Erling Smørgrav * bugfix #1218: Only chase DS if signer is parent of owner. 119*5afab0e5SDag-Erling Smørgrav Thanks Emil Natan 120*5afab0e5SDag-Erling Smørgrav * bugfix #617: Retry WKS service and protocol names lower case. 121*5afab0e5SDag-Erling Smørgrav Thanks Siali Yan 122*5afab0e5SDag-Erling Smørgrav * Spelling errors in binaries and man pages 123*5afab0e5SDag-Erling Smørgrav Thanks Andreas Schulze 124*5afab0e5SDag-Erling Smørgrav * removed duplicate condition in ldns_udp_send_query. 125*5afab0e5SDag-Erling Smørgrav * ldns_wire2pkt: fix null pointer dereference if pkt allocation fails 126*5afab0e5SDag-Erling Smørgrav and fix memory leak with more EDNS sections 127*5afab0e5SDag-Erling Smørgrav Thanks Jan Vcelak 128*5afab0e5SDag-Erling Smørgrav * bugfix #1399: ldns_pkt2wire() Python binding is broken. 129*5afab0e5SDag-Erling Smørgrav Thanks James Raftery 130*5afab0e5SDag-Erling Smørgrav * ED25519 and ED448 support. Default is to autodetect support in 131*5afab0e5SDag-Erling Smørgrav OpenSSL. Disable with --disable-ed25519 and --disable-ed448. 132*5afab0e5SDag-Erling Smørgrav * ldns-notify: can have IPv6 address as argument. 133*5afab0e5SDag-Erling Smørgrav * Fix time sensitive TSIG compare vulnerability. 134*5afab0e5SDag-Erling Smørgrav * Fix that ldns-testns ignores sigpipe. 135*5afab0e5SDag-Erling Smørgrav * Fix that ldns-notify sets the query RR as question RR, this 136*5afab0e5SDag-Erling Smørgrav removes the wrong TTL and 0 rdata from the packet printout. 137*5afab0e5SDag-Erling Smørgrav * Allow -T flag to be used together with drill -x 138*5afab0e5SDag-Erling Smørgrav * Python bindings compile with swig 4.0 139*5afab0e5SDag-Erling Smørgrav Thanks Jitka Plesníková 140*5afab0e5SDag-Erling Smørgrav * bugfix #4248: drill -DT fails for CNAME domain 141*5afab0e5SDag-Erling Smørgrav Thanks Thom Wiggers 142*5afab0e5SDag-Erling Smørgrav * bugfix #4214: Various fixes and leaks found by coverity. 143*5afab0e5SDag-Erling Smørgrav Thanks Petr Menšík 144*5afab0e5SDag-Erling Smørgrav * Feature #3394: An -I option to ldns-notify to specify a source 145*5afab0e5SDag-Erling Smørgrav IP address to send to notify from. Thanks Geert Hendrickx 146*5afab0e5SDag-Erling Smørgrav * Bugfix #279: New API functions ldns_udp_connect2, 147*5afab0e5SDag-Erling Smørgrav ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2, 148*5afab0e5SDag-Erling Smørgrav that return -1 on failure and allow socket number 0 149*5afab0e5SDag-Erling Smørgrav to be returned too. Thanks Joerg Sonnenberger 150*5afab0e5SDag-Erling Smørgrav * Bugfix #1447: More verbose reporting of chasing problems with 151*5afab0e5SDag-Erling Smørgrav ldns-verify-zone. Thanks Stephane Guedon 152*5afab0e5SDag-Erling Smørgrav * OpenSSL engine support with ldns-signzone. 153*5afab0e5SDag-Erling Smørgrav See also https://penzin.net/ldns-signzone/ 154*5afab0e5SDag-Erling Smørgrav Many thanks Vadim Penzin. 155*5afab0e5SDag-Erling Smørgrav * Various improvements found with shellcheck. 156*5afab0e5SDag-Erling Smørgrav Thanks Jeffrey Walton 157*5afab0e5SDag-Erling Smørgrav * PR #36 Update manpage of ldns-notify to mention algorithm 158*5afab0e5SDag-Erling Smørgrav support with TSIG. Thanks Anand Buddhdev 159*5afab0e5SDag-Erling Smørgrav * Compile warnings with signed char input to to_lower() 160*5afab0e5SDag-Erling Smørgrav and is_digit() with NetBSD. Thanks Håvard Eidnes 161*5afab0e5SDag-Erling Smørgrav * Missing Makefile.PL in DNS-LDNS perl module contribution. 162*5afab0e5SDag-Erling Smørgrav Thanks Jaap Akkerhuis 163*5afab0e5SDag-Erling Smørgrav 164986ba33cSDag-Erling Smørgrav1.7.0 2016-12-20 165986ba33cSDag-Erling Smørgrav * Fix lookup of relative names in ldns_resolver_search. 166986ba33cSDag-Erling Smørgrav * bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt 167986ba33cSDag-Erling Smørgrav * Follow CNAME's when tracing with drill (TODO dnssec trace) 168986ba33cSDag-Erling Smørgrav * Fix #551 change Regent to Copyright holder in BSD license in 169986ba33cSDag-Erling Smørgrav some of the headings of the file, to match the opensource.org 170986ba33cSDag-Erling Smørgrav BSD license. 171986ba33cSDag-Erling Smørgrav * -e option makes ldns-compare-zones exit with status code 2 on difference 172986ba33cSDag-Erling Smørgrav * Filter out specified RR types with ldns-read-zone -e and -E options 173986ba33cSDag-Erling Smørgrav * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch. 174986ba33cSDag-Erling Smørgrav * bugfix #562: ldns-keygen match DSA key maximum size with library. 175986ba33cSDag-Erling Smørgrav And check keysizes with all algorithms. Thanks Peter Koch. 176986ba33cSDag-Erling Smørgrav * ldns-verify-zone accepts only one single zonefile as argument. 177986ba33cSDag-Erling Smørgrav * bugfix #573: ldns-keygen write private keys with mode 0600. 178986ba33cSDag-Erling Smørgrav Thanks Leon Weber 179986ba33cSDag-Erling Smørgrav * Fix configure to make ldns compile with LibreSSL 2.0 180986ba33cSDag-Erling Smørgrav * drill now also accepts dig style -y option 181986ba33cSDag-Erling Smørgrav (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>) 182986ba33cSDag-Erling Smørgrav * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey 183986ba33cSDag-Erling Smørgrav * bugfix #608: Correct comment about escaped characters 184986ba33cSDag-Erling Smørgrav * CDS and CDNSKEY rr type from RFC 7344. 185986ba33cSDag-Erling Smørgrav --enable-rrtype-cds configure option removed 186986ba33cSDag-Erling Smørgrav * fix: Memory leak in ldns_pkt_rr_list_by_name() 187986ba33cSDag-Erling Smørgrav Thanks Johannes Naab 188986ba33cSDag-Erling Smørgrav * fix: Memory leak in ldns_dname2buffer_wire_compress() 189986ba33cSDag-Erling Smørgrav Thanks Max Liebkies 190986ba33cSDag-Erling Smørgrav * bugfix #613: Allow tab as whitespace too in last rdata field of types 191986ba33cSDag-Erling Smørgrav of variable length. Thanks Xiali Yan 192986ba33cSDag-Erling Smørgrav * bugfix: strip trailing whitespace from $ORIGIN lines in zone files 193986ba33cSDag-Erling Smørgrav * Let ldns-keygen output .ds files only for KSK keys 194986ba33cSDag-Erling Smørgrav * Parse RFC7218 TLSA mnemonics, but do not output them 195986ba33cSDag-Erling Smørgrav * Let ldns-dane use SPKI as the default selector i.s.o. Cert 196986ba33cSDag-Erling Smørgrav * bugfix: Fit left over NSEC3s once more before adding empty non 197986ba33cSDag-Erling Smørgrav terminals. Thanks Stuart Browne 198986ba33cSDag-Erling Smørgrav * bugfix #605: Determine default trust anchor location at compile time 199986ba33cSDag-Erling Smørgrav Thanks Peter Koch 200986ba33cSDag-Erling Smørgrav * bugfix #697: Double free with ldns-dane create 201986ba33cSDag-Erling Smørgrav Thanks Carsten Strotmann 202986ba33cSDag-Erling Smørgrav * bugfix #623: Do not redefine bool type and boolean values 203986ba33cSDag-Erling Smørgrav Thanks Jakob Petsovits 204986ba33cSDag-Erling Smørgrav * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx 205986ba33cSDag-Erling Smørgrav Thanks Shussain 206986ba33cSDag-Erling Smørgrav * bugfix #575: ldns_pkt_clone() does not copy timestamp field 207986ba33cSDag-Erling Smørgrav Thanks Calle Dybedahl 208986ba33cSDag-Erling Smørgrav * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage 209986ba33cSDag-Erling Smørgrav in sync with the usage text, and don't alter the ldns_resolver passed 210986ba33cSDag-Erling Smørgrav to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone() 211986ba33cSDag-Erling Smørgrav function in the process. Thanks Nicholas Riley. 212986ba33cSDag-Erling Smørgrav * bugfix #633: ldns_pkt_clone() parameter isn't const. 213986ba33cSDag-Erling Smørgrav Thanks Jakop Petsovits 214986ba33cSDag-Erling Smørgrav * bugfix: ldns-dane manpage correction 215986ba33cSDag-Erling Smørgrav Thanks Erwin Lansing 216986ba33cSDag-Erling Smørgrav * Spelling fixes. Thanks Andreas Schulze 217986ba33cSDag-Erling Smørgrav * Hyphen used as minus in manpages. Thanks Andreas Schulze. 218986ba33cSDag-Erling Smørgrav * RFC7553 RR Type URI is supported by default. 219986ba33cSDag-Erling Smørgrav * Fix ECDSA signature generation, do not omit leading zeroes. 220986ba33cSDag-Erling Smørgrav * bugfix: Get rid of superfluous newline in ldns-keyfetcher 221986ba33cSDag-Erling Smørgrav Thanks Jan-Piet Mens 222986ba33cSDag-Erling Smørgrav * bugfix: -U option to ldns-signzone to sign with every algorithm 223986ba33cSDag-Erling Smørgrav Thanks Guido Kroon 224986ba33cSDag-Erling Smørgrav * const function parameters whenever possible. 225986ba33cSDag-Erling Smørgrav Thanks Ray Bellis 226986ba33cSDag-Erling Smørgrav * bugfix #725: allow RR-types on the type bitmap window border 227986ba33cSDag-Erling Smørgrav Thanks Pieter Lexis 228986ba33cSDag-Erling Smørgrav * bugfix #726: 2 typos in drill manpage. 229986ba33cSDag-Erling Smørgrav Thanks Hugo Lombard 230986ba33cSDag-Erling Smørgrav * Add type CSYNC support, RFC 7477. 231986ba33cSDag-Erling Smørgrav * Prepare for ED25519, ED448 support: todo convert* routines in 232986ba33cSDag-Erling Smørgrav dnssec.h, once openssl has support for signing with these algorithms. 233986ba33cSDag-Erling Smørgrav The dns algorithm number is not yet allocated. These features are 234986ba33cSDag-Erling Smørgrav not fully implemented yet, openssl (1.1) does not support the 235986ba33cSDag-Erling Smørgrav algorithms enough to generate keys and sign and verify with them. 236986ba33cSDag-Erling Smørgrav * Fix _answerfrom comment in ldns_struct_pkt. 237986ba33cSDag-Erling Smørgrav * Fix drill axfr ipv4/ipv6 queries. 238986ba33cSDag-Erling Smørgrav * Fix comment referring to mk_query in packet.h to pkt_query_new. 239986ba33cSDag-Erling Smørgrav * Fix description of QR flag in packet.h. 240986ba33cSDag-Erling Smørgrav * Fix for openssl 1.1.0 API changes. 241986ba33cSDag-Erling Smørgrav * Remove commented out macro. Thanks Thiago Farina 242986ba33cSDag-Erling Smørgrav * bugfix #641: Include install-sh in .gitignore 243986ba33cSDag-Erling Smørgrav * bugfix #825: Module import breaks with newer SWIG versions. 244986ba33cSDag-Erling Smørgrav Thanks Christoph Egger 245986ba33cSDag-Erling Smørgrav * bugfix #796 - #792: Fix miscellaneous compiler warning issues. 246986ba33cSDag-Erling Smørgrav Thanks Ngie Cooper 247986ba33cSDag-Erling Smørgrav * bugfix #769: Add support for :: in an IPv6 address 248986ba33cSDag-Erling Smørgrav Thanks Hajimu UMEMOTO 249986ba33cSDag-Erling Smørgrav * bugfix #760: Detect superfluous text in presentation format 250986ba33cSDag-Erling Smørgrav Thanks Xiali Yan 251986ba33cSDag-Erling Smørgrav * bugfix #708: warnings and errors with xcode 6.1/7.0 252986ba33cSDag-Erling Smørgrav * bugfix #754: Memory leak in ldns_str2rdf_ipseckey 253986ba33cSDag-Erling Smørgrav Thanks Xiali Yan 254986ba33cSDag-Erling Smørgrav * bugfix #661: Fail NSEC3 signing when NSEC domainname length 255986ba33cSDag-Erling Smørgrav would overflow. Thanks Jan-Piet Mens. 256986ba33cSDag-Erling Smørgrav * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. 257986ba33cSDag-Erling Smørgrav Thanks Harald Jenny 258986ba33cSDag-Erling Smørgrav * bugfix #680: ldns fails to reject invalidly formatted 259986ba33cSDag-Erling Smørgrav RFC 7553 URI RRs. Thanks Robert Edmonds 260986ba33cSDag-Erling Smørgrav * bugfix #678: Use poll i.s.o. select to support > 1024 fds 261986ba33cSDag-Erling Smørgrav Thanks William King 262986ba33cSDag-Erling Smørgrav * Use OpenSSL DANE functions for verification (unless explicitly 263986ba33cSDag-Erling Smørgrav disabled with --disable-dane-ta-usage). 264*5afab0e5SDag-Erling Smørgrav * Bump .so version 265986ba33cSDag-Erling Smørgrav * Include OPENPGPKEY RR type by default 266986ba33cSDag-Erling Smørgrav * rdata processing for SMIMEA RR type 267986ba33cSDag-Erling Smørgrav * Fix crash in displaying TLSA RR's. 268986ba33cSDag-Erling Smørgrav Thanks Andreas Schulze 269986ba33cSDag-Erling Smørgrav * Update ldns-key2ds man page to mention GOST and SHA384 hash 270986ba33cSDag-Erling Smørgrav functions. Thanks Harald Jenny 271986ba33cSDag-Erling Smørgrav * Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser 272986ba33cSDag-Erling Smørgrav * Clarify data ownership with consts for tsig parameters. 273986ba33cSDag-Erling Smørgrav Thanks Michael Weiser 274986ba33cSDag-Erling Smørgrav * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0 275986ba33cSDag-Erling Smørgrav * bugfix #1160: Provide sha256 for release tarballs 276986ba33cSDag-Erling Smørgrav * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 277986ba33cSDag-Erling Smørgrav even when the GOST engine is not available. 278986ba33cSDag-Erling Smørgrav 27917d15b25SDag-Erling Smørgrav1.6.17 2014-01-10 28017d15b25SDag-Erling Smørgrav * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a 28117d15b25SDag-Erling Smørgrav zone to be an NSEC3 (or its RRSIG) covering an empty non terminal. 28217d15b25SDag-Erling Smørgrav * Add --disable-dane option to configure and check availability of the 28317d15b25SDag-Erling Smørgrav for dane needed X509_check_ca function in openssl. 28417d15b25SDag-Erling Smørgrav * bugfix #490: Get rid of type-punned pointer warnings. 28517d15b25SDag-Erling Smørgrav Thanks Adam Tkac. 28617d15b25SDag-Erling Smørgrav * Make sure executables are linked against libcrypto with the 28717d15b25SDag-Erling Smørgrav LIBSSL_LDFLAGS. Thanks Leo Baltus. 28817d15b25SDag-Erling Smørgrav * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav. 28917d15b25SDag-Erling Smørgrav * README now shows preferred way to configure for examples and drill. 29017d15b25SDag-Erling Smørgrav * Bind to source address for resolvers. drill binds to source with -I. 29117d15b25SDag-Erling Smørgrav Thanks Bryan Duff. 29217d15b25SDag-Erling Smørgrav * -T option for ldns-dane that has specific exit status for PKIX 29317d15b25SDag-Erling Smørgrav validated connections without (secure) TLSA records. 29417d15b25SDag-Erling Smørgrav * Fix b{32,64}_{ntop,pton} detection and handling. 29517d15b25SDag-Erling Smørgrav * New RR type TKEY, but without operational practice. 29617d15b25SDag-Erling Smørgrav * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA. 29717d15b25SDag-Erling Smørgrav * New output format flag (and accompanying functions) to print certain 29817d15b25SDag-Erling Smørgrav RR's as unknown type 29917d15b25SDag-Erling Smørgrav * -u and -U parameter for ldns-read-zone to mark/unmark a RR type 30017d15b25SDag-Erling Smørgrav for printing as unknown type 30117d15b25SDag-Erling Smørgrav * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen. 30217d15b25SDag-Erling Smørgrav * bugfix #497: Properly test for EOF when reading key files with drill. 30317d15b25SDag-Erling Smørgrav * New functions: ldns_pkt_ixfr_request_new and 30417d15b25SDag-Erling Smørgrav ldns_pkt_ixfr_request_new_frm_str. 30517d15b25SDag-Erling Smørgrav * Use SNI with ldns-dane 30617d15b25SDag-Erling Smørgrav * bugfix #507: ldnsx Fix use of non-existent variables and not 30717d15b25SDag-Erling Smørgrav properly referring to instance variable. Patch from shussain. 30817d15b25SDag-Erling Smørgrav * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type 30917d15b25SDag-Erling Smørgrav dictionary. Patch from shussain. 31017d15b25SDag-Erling Smørgrav * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL 31117d15b25SDag-Erling Smørgrav file pointer. 31217d15b25SDag-Erling Smørgrav * Fix memory leak in contrib/python: ldns_pkt.new_query. 31317d15b25SDag-Erling Smørgrav * Fix buffer overflow in fget_token and bget_token. 31417d15b25SDag-Erling Smørgrav * ldns-verify-zone NSEC3 checking from quadratic to linear performance. 31517d15b25SDag-Erling Smørgrav Thanks NIC MX (nicmexico.mx) 31617d15b25SDag-Erling Smørgrav * ldns-dane setup new ssl session for each new connect to prevent hangs 31717d15b25SDag-Erling Smørgrav * bugfix #521: drill trace continue on empty non-terminals with NSEC3 31817d15b25SDag-Erling Smørgrav * bugfix #525: Fix documentation of ldns_resolver_set_retry 31917d15b25SDag-Erling Smørgrav * Remove unused LDNS_RDF_TYPE_TSIG and associated functions. 32017d15b25SDag-Erling Smørgrav * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek. 32117d15b25SDag-Erling Smørgrav * Configure option to build perl bindings: --with-p5-dns-ldns 32217d15b25SDag-Erling Smørgrav (DNS::LDNS is a contribution from Erik Ostlyngen) 32317d15b25SDag-Erling Smørgrav * bugfix #527: Move -lssl before -lcrypto when linking 32417d15b25SDag-Erling Smørgrav * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) 32517d15b25SDag-Erling Smørgrav * Compare names case insensitive with ldns_pkt_rr_list_by_name and 32617d15b25SDag-Erling Smørgrav ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) 32717d15b25SDag-Erling Smørgrav * A separate --enable for each draft RR type: --enable-rrtype-ninfo, 32817d15b25SDag-Erling Smørgrav --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and 32917d15b25SDag-Erling Smørgrav --enable-rrtype-ta 33017d15b25SDag-Erling Smørgrav * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) 33117d15b25SDag-Erling Smørgrav * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) 33217d15b25SDag-Erling Smørgrav * Adjust ldns_sha1() so that the input data is not modified (Thanks 33317d15b25SDag-Erling Smørgrav Marc Buijsman) 334*5afab0e5SDag-Erling Smørgrav * Messages to stderr are now off by default and can be re-enabled with 33517d15b25SDag-Erling Smørgrav the --enable-stderr-msgs configure option. 33617d15b25SDag-Erling Smørgrav 3372787e39aSDag-Erling Smørgrav1.6.16 2012-11-13 3382787e39aSDag-Erling Smørgrav * Fix Makefile to build pyldns with BSD make 3392787e39aSDag-Erling Smørgrav * Fix typo in exporting b32_* symbols to make pyldns load again 3402787e39aSDag-Erling Smørgrav * Allow leaving the RR owner name empty in ldns-testns datafiles. 3412787e39aSDag-Erling Smørgrav * Fix fail to create NSEC3 bitmap for empty non-terminal (bug 3422787e39aSDag-Erling Smørgrav introduced in 1.6.14). 3432787e39aSDag-Erling Smørgrav 3442787e39aSDag-Erling Smørgrav1.6.15 2012-10-25 3452787e39aSDag-Erling Smørgrav * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns 3462787e39aSDag-Erling Smørgrav binary compatible with earlier releases again. 3472787e39aSDag-Erling Smørgrav 3482787e39aSDag-Erling Smørgrav1.6.14 2012-10-23 3492787e39aSDag-Erling Smørgrav * DANE support (RFC6698), including ldns-dane example tool. 3502787e39aSDag-Erling Smørgrav * Configurable default CA certificate repository for ldns-dane with 3512787e39aSDag-Erling Smørgrav --with-ca-file=CAFILE and --with-ca-path=CAPATH 3522787e39aSDag-Erling Smørgrav * Configurable default trust anchor with --with-trust-anchor=FILE 3532787e39aSDag-Erling Smørgrav for drill, ldns-verify-zone and ldns-dane 3542787e39aSDag-Erling Smørgrav * bugfix #474: Define socklen_t when undefined (like in Win32) 3552787e39aSDag-Erling Smørgrav * bugfix #473: Dead code removal and resource leak fix in drill 3562787e39aSDag-Erling Smørgrav * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. 3572787e39aSDag-Erling Smørgrav * Various bugfixes from code reviews from CZ.NIC and Paul Wouters 3582787e39aSDag-Erling Smørgrav * ldns-notify TSIG option argument checking 3592787e39aSDag-Erling Smørgrav * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's 3602787e39aSDag-Erling Smørgrav in sync. 3612787e39aSDag-Erling Smørgrav * Let ldns_pkt_push_rr now return false on (memory) errors. 3622787e39aSDag-Erling Smørgrav * Make buffer_export comply to documentation and fix buffer2str 363*5afab0e5SDag-Erling Smørgrav * Various improvements and fixes of pyldns from Karel Slany 3642787e39aSDag-Erling Smørgrav now documented in their own Changelog. 3652787e39aSDag-Erling Smørgrav * bugfix: Make ldns_resolver_pop_nameserver clear the array when 3662787e39aSDag-Erling Smørgrav there was only one. 3672787e39aSDag-Erling Smørgrav * bugfix #459: Remove ldns_symbols and export symbols based on regex 3682787e39aSDag-Erling Smørgrav * bugfix #458: Track all newly created signatures when signing. 3692787e39aSDag-Erling Smørgrav * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. 3702787e39aSDag-Erling Smørgrav * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. 3712787e39aSDag-Erling Smørgrav * pyldns memory handling fixes and the python3/ldns-signzone.py 3722787e39aSDag-Erling Smørgrav examples script contribution from Karel Slany. 3732787e39aSDag-Erling Smørgrav * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed 3742787e39aSDag-Erling Smørgrav to be bigger (or equal) P in ldns_key_dsa2bin. 3752787e39aSDag-Erling Smørgrav * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new. 3762787e39aSDag-Erling Smørgrav * bugfix #448: Copy nameserver value (in stead of reference) of the 3772787e39aSDag-Erling Smørgrav answering nameserver to the answer packet in ldns_send_buffer, so 3782787e39aSDag-Erling Smørgrav the original value may be deep freed with the ldns_resolver struct. 3792787e39aSDag-Erling Smørgrav * New -0 option for ldns-read-zone to replace inception, expiration 3802787e39aSDag-Erling Smørgrav and signature rdata fields with (null). Thanks Paul Wouters. 3812787e39aSDag-Erling Smørgrav * New -p option for ldns-read-zone to prepend-pad SOA serial to take 3822787e39aSDag-Erling Smørgrav up ten characters. 3832787e39aSDag-Erling Smørgrav * Return error if printing RR fails due to unknown/null RDATA. 3842787e39aSDag-Erling Smørgrav 3857b5038d7SDag-Erling Smørgrav1.6.13 2012-05-21 3867b5038d7SDag-Erling Smørgrav * New -S option for ldns-verify-zone to chase signatures online. 3877b5038d7SDag-Erling Smørgrav * New -k option for ldns-verify-zone to validate using a trusted key. 3887b5038d7SDag-Erling Smørgrav * New inception and expiration margin options (-i and -e) to 3897b5038d7SDag-Erling Smørgrav ldns-verify-zone. 3907b5038d7SDag-Erling Smørgrav * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l 3917b5038d7SDag-Erling Smørgrav functions. 3927b5038d7SDag-Erling Smørgrav * New ldns_duration* functions (copied from OpenDNSSEC source) 3937b5038d7SDag-Erling Smørgrav * fix ldns-verify-zone to allow NSEC3 signatures to come before 3947b5038d7SDag-Erling Smørgrav the NSEC3 RR in all cases. Thanks Wolfgang Nagele. 3957b5038d7SDag-Erling Smørgrav * Zero the correct flag (opt-out) when creating NSEC3PARAMS. 3967b5038d7SDag-Erling Smørgrav Thanks Peter van Dijk. 3977b5038d7SDag-Erling Smørgrav * Canonicalize RRSIG's Signer's name too when validating, because 3987b5038d7SDag-Erling Smørgrav bind and unbound do that too. Thanks Peter van Dijk. 3997b5038d7SDag-Erling Smørgrav * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label 4007b5038d7SDag-Erling Smørgrav * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free 4017b5038d7SDag-Erling Smørgrav * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT 402*5afab0e5SDag-Erling Smørgrav * bugfix #427: Explicitly link ssl with the programs that use it. 4037b5038d7SDag-Erling Smørgrav * Fix reading \DDD: Error on values that are outside range (>255). 4047b5038d7SDag-Erling Smørgrav * bugfix #429: fix doxyparse.pl fails on NetBSD because specified 4057b5038d7SDag-Erling Smørgrav path to perl. 4067b5038d7SDag-Erling Smørgrav * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. 4077b5038d7SDag-Erling Smørgrav * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. 4087b5038d7SDag-Erling Smørgrav Thanks John Barnitz 4097b5038d7SDag-Erling Smørgrav 4107b5038d7SDag-Erling Smørgrav1.6.12 2012-01-11 4117b5038d7SDag-Erling Smørgrav * bugfix #413: Fix manpage source for srcdir != builddir 4127b5038d7SDag-Erling Smørgrav * Canonicalize the signers name rdata field in RRSIGs when signing 4137b5038d7SDag-Erling Smørgrav * Ignore minor version of Private-key-format (so v1.3 may be used) 4147b5038d7SDag-Erling Smørgrav * Allow a check_time to be given in stead of always checking against 4157b5038d7SDag-Erling Smørgrav the current time. With ldns-verify-zone the check_time can be set 4167b5038d7SDag-Erling Smørgrav with the -t option. 4177b5038d7SDag-Erling Smørgrav * Added functions for updating and manipulating SOA serial numbers. 4187b5038d7SDag-Erling Smørgrav ldns-read-zone has an option -S for updating and manipulating the 4197b5038d7SDag-Erling Smørgrav serial numbers. 4207b5038d7SDag-Erling Smørgrav * The library Makefile is now GNU and BSD make compatible. 4217b5038d7SDag-Erling Smørgrav * bugfix #419: NSEC3 validation of a name covered by a wildcard with 4227b5038d7SDag-Erling Smørgrav no data. 4237b5038d7SDag-Erling Smørgrav * Two new options (--with-drill and --with-examples) to the main 4247b5038d7SDag-Erling Smørgrav configure script (in the root of the source tree) to build drill 4257b5038d7SDag-Erling Smørgrav and examples too. 4267b5038d7SDag-Erling Smørgrav * Fix days_since_epoch to year_yday calculation on 32bits systems. 4277b5038d7SDag-Erling Smørgrav 4287b5038d7SDag-Erling Smørgrav1.6.11 2011-09-29 4297b5038d7SDag-Erling Smørgrav * bugfix #394: Fix socket leak on errors 4307b5038d7SDag-Erling Smørgrav * bugfix #392: Apex only and percentage checks for ldns-verify-zone 4317b5038d7SDag-Erling Smørgrav (thanks Miek Gieben) 4327b5038d7SDag-Erling Smørgrav * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone 4337b5038d7SDag-Erling Smørgrav * Fix python site package path from sitelib to sitearch for pyldns. 4347b5038d7SDag-Erling Smørgrav * Fix python api to support python2 and python3 (thanks Karel Slany). 4357b5038d7SDag-Erling Smørgrav * bugfix #401: Correction of date/time functions algorithm and 4367b5038d7SDag-Erling Smørgrav prevention of an infinite loop therein 4377b5038d7SDag-Erling Smørgrav * bugfix #402: Correct the minimum and maximum number of rdata fields 4387b5038d7SDag-Erling Smørgrav in TSIG. (thanks David Keeler) 4397b5038d7SDag-Erling Smørgrav * bugfix #403: Fix heap overflow (thanks David Keeler) 4407b5038d7SDag-Erling Smørgrav * bugfix #404: Make parsing APL strings more robust 4417b5038d7SDag-Erling Smørgrav (thanks David Keeler) 4427b5038d7SDag-Erling Smørgrav * bugfix #391: Complete library assessment to prevent assertion errors 4437b5038d7SDag-Erling Smørgrav through ldns_rdf_size usage. 4447b5038d7SDag-Erling Smørgrav * Slightly more specific error messaging on wrong number of rdata 4457b5038d7SDag-Erling Smørgrav fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and 4467b5038d7SDag-Erling Smørgrav LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes. 4477b5038d7SDag-Erling Smørgrav * bugfix #406: More rigorous openssl result code handling to prevent 4487b5038d7SDag-Erling Smørgrav future crashes within openssl. 4497b5038d7SDag-Erling Smørgrav * Fix ldns_fetch_valid_domain_keys to search deeper than just one level 4507b5038d7SDag-Erling Smørgrav for a DNSKEY that signed a DS RR. (this function was used in the 4517b5038d7SDag-Erling Smørgrav check_dnssec_trace nagios module) 4527b5038d7SDag-Erling Smørgrav * bugfix #407: Canonicalize TSIG dnames and algorithm fields 4537b5038d7SDag-Erling Smørgrav * A new output specifier to accommodate configuration of what to show 4547b5038d7SDag-Erling Smørgrav in comment texts when converting host and/or wire-format data to 4557b5038d7SDag-Erling Smørgrav string. All conversion to string and printing functions have a new 4567b5038d7SDag-Erling Smørgrav version that have such a format specifier as an extra argument. 4577b5038d7SDag-Erling Smørgrav The default is changed so that only DNSKEY RR's are annotated with 4587b5038d7SDag-Erling Smørgrav an comment show the Key Tag of the DNSKEY. 4597b5038d7SDag-Erling Smørgrav * Fixed the ldns resolver to not mark a nameserver unreachable when 4607b5038d7SDag-Erling Smørgrav edns0 is tried unsuccessfully with size 4096 (no return packet came), 4617b5038d7SDag-Erling Smørgrav but to still try TCP. A big UDP packet might have been corrupted by 4627b5038d7SDag-Erling Smørgrav fragments dropping firewalls. 4637b5038d7SDag-Erling Smørgrav * Update of libdns.vim (thanks Miek Gieben) 4647b5038d7SDag-Erling Smørgrav * Added the ldnsx Python module to our contrib section, which adds even 4657b5038d7SDag-Erling Smørgrav more pythonisticism to the usage of ldns with Python. (Many thanks 466*5afab0e5SDag-Erling Smørgrav to Christopher Olah and Paul Wouters) 4677b5038d7SDag-Erling Smørgrav The ldnsx module is automatically installed when --with-pyldns is 4687b5038d7SDag-Erling Smørgrav used with configuring, but may explicitly be excluded with the 4697b5038d7SDag-Erling Smørgrav --without-pyldnsx option to configure. 4707b5038d7SDag-Erling Smørgrav * bugfix #410: Fix clearing out temporary data on stack in sha2.c 4717b5038d7SDag-Erling Smørgrav * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. 4727b5038d7SDag-Erling Smørgrav 4737b5038d7SDag-Erling Smørgrav1.6.10 2011-05-31 4747b5038d7SDag-Erling Smørgrav * New example tool added: ldns-gen-zone. 4757b5038d7SDag-Erling Smørgrav * bugfix #359: Serial-arithmetic for the inception and expiration 4767b5038d7SDag-Erling Smørgrav fields of a RRSIG and correctly converting them to broken-out time 4777b5038d7SDag-Erling Smørgrav information. 4787b5038d7SDag-Erling Smørgrav * bugfix #364: Slight performance increase of ldns-verifyzone. 4797b5038d7SDag-Erling Smørgrav * bugfix #367: Fix to allow glue records with the same name as the 4807b5038d7SDag-Erling Smørgrav delegation. 4817b5038d7SDag-Erling Smørgrav * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* 4827b5038d7SDag-Erling Smørgrav glue when the zone is opt-out. 4837b5038d7SDag-Erling Smørgrav * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, 4847b5038d7SDag-Erling Smørgrav ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. 4857b5038d7SDag-Erling Smørgrav * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit 4867b5038d7SDag-Erling Smørgrav performance) 4877b5038d7SDag-Erling Smørgrav * Better handling of reference variables in ldns_rr_new_frm_fp_l from 4887b5038d7SDag-Erling Smørgrav pyldns, with a very nice generator function by Bedrich Kosata. 4897b5038d7SDag-Erling Smørgrav * Decoupling of the rdfs in rrs in the python wrappers to enable 4907b5038d7SDag-Erling Smørgrav the python garbage collector by Bedrich Kosata. 4917b5038d7SDag-Erling Smørgrav * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at 4927b5038d7SDag-Erling Smørgrav build time and when used. 4937b5038d7SDag-Erling Smørgrav * bugfix #383: Fix detection of empty nonterminals of multiple labels. 494*5afab0e5SDag-Erling Smørgrav * Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded 4957b5038d7SDag-Erling Smørgrav names (in stead of just the ones that contain glue only) and all 4967b5038d7SDag-Erling Smørgrav occluded records on the delegation points (in stead of just the glue). 4977b5038d7SDag-Erling Smørgrav * Clarify the operation of ldns_dnssec_mark_glue and the usage of 4987b5038d7SDag-Erling Smørgrav ldns_dnssec_node_next_nonglue functions in the documentation. 4997b5038d7SDag-Erling Smørgrav * Added function ldns_dnssec_mark_and_get_glue as an real fast 5007b5038d7SDag-Erling Smørgrav alternative for ldns_zone_glue_rr_list. 5017b5038d7SDag-Erling Smørgrav * Fix parse buffer overflow for max length domain names. 5027b5038d7SDag-Erling Smørgrav * Fix Makefile for U in environment, since wrong U is more common than 5037b5038d7SDag-Erling Smørgrav deansification necessity. 5047b5038d7SDag-Erling Smørgrav 5057b5038d7SDag-Erling Smørgrav1.6.9 2011-03-16 5067b5038d7SDag-Erling Smørgrav * Fix creating NSEC(3) bitmaps: make array size 65536, 5077b5038d7SDag-Erling Smørgrav don't add doubles. 5087b5038d7SDag-Erling Smørgrav * Fix printout of escaped binary in TXT records. 5097b5038d7SDag-Erling Smørgrav * Parsing TXT records: don't skip starting whitespace that is quoted. 5107b5038d7SDag-Erling Smørgrav * bugfix #358: Check if memory was successfully allocated in 5117b5038d7SDag-Erling Smørgrav ldns_rdf2str(). 5127b5038d7SDag-Erling Smørgrav * Added more memory allocation checks in host2str.c 5137b5038d7SDag-Erling Smørgrav * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata. 5147b5038d7SDag-Erling Smørgrav * fix to compile python wrapper with swig 2.0.2. 5157b5038d7SDag-Erling Smørgrav * Don't fallback to SHA-1 when creating NSEC3 hash with another 5167b5038d7SDag-Erling Smørgrav algorithm identifier, fail instead (no other algorithm identifiers 5177b5038d7SDag-Erling Smørgrav are assigned yet). 5187b5038d7SDag-Erling Smørgrav 5197b5038d7SDag-Erling Smørgrav1.6.8 2011-01-24 5207b5038d7SDag-Erling Smørgrav * Fix ldns zone, so that $TTL definition match RFC 2308. 5217b5038d7SDag-Erling Smørgrav * Fix lots of missing checks on allocation failures and parse of 5227b5038d7SDag-Erling Smørgrav NSEC with many types and max parse length in hosts_frm_fp routine 5237b5038d7SDag-Erling Smørgrav and off by one in read_anchor_file routine (thanks Dan Kaminsky and 5247b5038d7SDag-Erling Smørgrav Justin Ferguson). 5257b5038d7SDag-Erling Smørgrav * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS 5267b5038d7SDag-Erling Smørgrav records. 5277b5038d7SDag-Erling Smørgrav * Print correct WHEN in query packet (is not always 1-1-1970) 5287b5038d7SDag-Erling Smørgrav * ldns-test-edns: new example tool that detects EDNS support. 5297b5038d7SDag-Erling Smørgrav * fix ldns_resolver_send without openssl. 5307b5038d7SDag-Erling Smørgrav * bugfix #342: patch for support for more CERT key types (RFC4398). 5317b5038d7SDag-Erling Smørgrav * bugfix #351: fix udp_send hang if UDP checksum error. 5327b5038d7SDag-Erling Smørgrav * fix set_bit (from NSEC3 sign) patch from Jan Komissar. 5337b5038d7SDag-Erling Smørgrav 5347b5038d7SDag-Erling Smørgrav1.6.7 2010-11-08 5357b5038d7SDag-Erling Smørgrav * EXPERIMENTAL ecdsa implementation, please do not enable on real 5367b5038d7SDag-Erling Smørgrav servers. 5377b5038d7SDag-Erling Smørgrav * GOST code enabled by default (RFC 5933). 5387b5038d7SDag-Erling Smørgrav * bugfix #326: ignore whitespace between directives and their values. 5397b5038d7SDag-Erling Smørgrav * Header comment to advertise ldns_axfr_complete to check for 5407b5038d7SDag-Erling Smørgrav successfully completed zone transfers. 5417b5038d7SDag-Erling Smørgrav * read resolv.conf skips interface labels, e.g. %eth0. 5427b5038d7SDag-Erling Smørgrav * Fix drill verify NSEC3 denials. 5437b5038d7SDag-Erling Smørgrav * Use closesocket() on windows. 5447b5038d7SDag-Erling Smørgrav * Add ldns_get_signing_algorithm_by_name that understand aliases, 5457b5038d7SDag-Erling Smørgrav names changed to RFC names and aliases for compatibility added. 5467b5038d7SDag-Erling Smørgrav * bugfix: don't print final dot if the domain is relative. 5477b5038d7SDag-Erling Smørgrav * bugfix: resolver search continue when packet rcode != NOERROR. 5487b5038d7SDag-Erling Smørgrav * bugfix: resolver push all domains in search directive to list. 5497b5038d7SDag-Erling Smørgrav * bugfix: resolver search by default includes the root domain. 5507b5038d7SDag-Erling Smørgrav * bugfix: tcp read could fail on single octet recv. 5517b5038d7SDag-Erling Smørgrav * bugfix: read of RR in unknown syntax with missing fields. 5527b5038d7SDag-Erling Smørgrav * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next() 5537b5038d7SDag-Erling Smørgrav to sign and verify TSIG RRs on subsequent messages 5547b5038d7SDag-Erling Smørgrav (section 4.4, RFC 2845, thanks to Michael Sheldon). 5557b5038d7SDag-Erling Smørgrav * bugfix: signer sigs nsecs with zsks only. 5567b5038d7SDag-Erling Smørgrav * bugfix #333: fix ldns_dname_absolute for name ending with backslash. 5577b5038d7SDag-Erling Smørgrav 5587b5038d7SDag-Erling Smørgrav1.6.6 2010-08-09 5597b5038d7SDag-Erling Smørgrav * Fix ldns_rr_clone to copy question rrs properly. 5607b5038d7SDag-Erling Smørgrav * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone. 5617b5038d7SDag-Erling Smørgrav * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end. 5627b5038d7SDag-Erling Smørgrav * Fix ldns_wire2dname from reading 1 byte beyond end for pointer. 5637b5038d7SDag-Erling Smørgrav * Fix crash using GOST for particular platform configurations. 5647b5038d7SDag-Erling Smørgrav * extern C declarations used in the header file. 5657b5038d7SDag-Erling Smørgrav * Removed debug fprintf from resolver.c. 5667b5038d7SDag-Erling Smørgrav * ldns-signzone checks if public key file is for the right zone. 5677b5038d7SDag-Erling Smørgrav * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib. 5687b5038d7SDag-Erling Smørgrav * Fix handling of comments in resolv.conf parse. 5697b5038d7SDag-Erling Smørgrav * GOST code enabled if SSL recent, RFC 5933. 5707b5038d7SDag-Erling Smørgrav * bugfix #317: segfault util.c ldns_init_random() fixed. 5717b5038d7SDag-Erling Smørgrav * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of 5727b5038d7SDag-Erling Smørgrav b64_pton_calculate_size. 5737b5038d7SDag-Erling Smørgrav * Fix ldns_dname_cat: size calculation and handling of realloc(). 5747b5038d7SDag-Erling Smørgrav * Fix ldns_rr_pop_rdf: fix handling of realloc(). 5757b5038d7SDag-Erling Smørgrav * Fix ldns-signzone for single type key scheme: sign whole zone if there 5767b5038d7SDag-Erling Smørgrav are only KSKs. 5777b5038d7SDag-Erling Smørgrav * Fix ldns_resolver: also close socket if AXFR failed (if you don't, 5787b5038d7SDag-Erling Smørgrav it would block subsequent transfers (thanks Roland van Rijswijk). 5797b5038d7SDag-Erling Smørgrav * Fix drill: allow for a secure trace if you use DS records as trust 5807b5038d7SDag-Erling Smørgrav anchors (thanks Jan Komissar). 5817b5038d7SDag-Erling Smørgrav 5827b5038d7SDag-Erling Smørgrav1.6.5 2010-06-15 5837b5038d7SDag-Erling Smørgrav * Catch \X where X is a digit as an error. 5847b5038d7SDag-Erling Smørgrav * Fix segfault when ip6 ldns resolver only has ip4 servers. 5857b5038d7SDag-Erling Smørgrav * Fix NSEC record after DNSKEY at zone apex not properly signed. 5867b5038d7SDag-Erling Smørgrav * Fix syntax error if last label too long and no dot at end of domain. 5877b5038d7SDag-Erling Smørgrav * Fix parse of \# syntax with space for type LOC. 5887b5038d7SDag-Erling Smørgrav * Fix ldns_dname_absolute for escape sequences, fixes some parse errs. 5897b5038d7SDag-Erling Smørgrav * bugfix #297: linking ssl, bug due to patch submitted as #296. 5907b5038d7SDag-Erling Smørgrav * bugfix #299: added missing declarations to host2str.h 5917b5038d7SDag-Erling Smørgrav * ldns-compare-zones -s to not exclude SOA record from comparison. 5927b5038d7SDag-Erling Smørgrav * --disable-rpath fix 5937b5038d7SDag-Erling Smørgrav * fix ldns_pkt_empty(), reported by Alex Nicoll. 5947b5038d7SDag-Erling Smørgrav * fix ldns_resolver_new_frm_fp not ignore lines after a comment. 5957b5038d7SDag-Erling Smørgrav * python code for ldns_rr.new_question_frm_str() 5967b5038d7SDag-Erling Smørgrav * Fix ldns_dnssec_verify_denial: the signature selection routine. 5977b5038d7SDag-Erling Smørgrav * Type TALINK parsed (draft-ietf-dnsop-trust-history). 5987b5038d7SDag-Erling Smørgrav * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and 5997b5038d7SDag-Erling Smørgrav ldns_tcp_read_wire_timeout(). 6007b5038d7SDag-Erling Smørgrav * GOST support with correct algorithm numbers. The plan is to make it 6017b5038d7SDag-Erling Smørgrav enabled if openssl support is detected, but it is disabled by 6027b5038d7SDag-Erling Smørgrav default in this release because the RFC is not ready. 6037b5038d7SDag-Erling Smørgrav * Fixed comment in rbtree.h about being first member and data ptr. 6047b5038d7SDag-Erling Smørgrav * Fixed possibly leak in case of out of memory in ldns_native2rdf... 6057b5038d7SDag-Erling Smørgrav * ldns_dname_is_wildcard added. 6067b5038d7SDag-Erling Smørgrav * Fixed: signatures over wildcards had the wrong labelcount. 6077b5038d7SDag-Erling Smørgrav * Fixed ldns_verify() inconsistent return values. 6087b5038d7SDag-Erling Smørgrav * Fixed ldns_resolver to copy and free tsig name, data and algorithm. 6097b5038d7SDag-Erling Smørgrav * Fixed ldns_resolver to push search onto searchlist. 6107b5038d7SDag-Erling Smørgrav * A ldns resolver now defaults to a non-recursive resolver that handles 6117b5038d7SDag-Erling Smørgrav the TC bit. 6127b5038d7SDag-Erling Smørgrav * ldns_resolver_print() prints more details. 6137b5038d7SDag-Erling Smørgrav * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps 6147b5038d7SDag-Erling Smørgrav on 64bit systems. 6157b5038d7SDag-Erling Smørgrav * Make ldns_resolver_nameservers_randomize() more random. 6167b5038d7SDag-Erling Smørgrav * bugfix #310: POSIX specifies NULL second argument of gettimeofday. 6177b5038d7SDag-Erling Smørgrav * fix compiler warnings from llvm clang compiler. 6187b5038d7SDag-Erling Smørgrav * bugfix #309: ldns_pkt_clone did not clone the tsig_rr. 6197b5038d7SDag-Erling Smørgrav * Fix gentoo ebuild for drill, 'no m4 directory'. 6207b5038d7SDag-Erling Smørgrav * bugfix #313: drill trace on an empty nonterminal continuation. 6217b5038d7SDag-Erling Smørgrav 6227b5038d7SDag-Erling Smørgrav1.6.4 2010-01-20 6237b5038d7SDag-Erling Smørgrav * Imported pyldns contribution by Zdenek Vasicek and Karel Slany. 6247b5038d7SDag-Erling Smørgrav Changed its configure and Makefile to fit into ldns. 6257b5038d7SDag-Erling Smørgrav Added its dname_* methods to the rdf_* class (as is the ldns API). 6267b5038d7SDag-Erling Smørgrav Changed swig destroy of ldns_buffer class to ldns_buffer_free. 6277b5038d7SDag-Erling Smørgrav Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them. 6287b5038d7SDag-Erling Smørgrav * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash. 6297b5038d7SDag-Erling Smørgrav * Bugfix: handle escaped characters in TXT rdata. 6307b5038d7SDag-Erling Smørgrav * bug292: no longer crash on malformed domain names where a label is 6317b5038d7SDag-Erling Smørgrav on position 255, which was a buffer overflow by one. 6327b5038d7SDag-Erling Smørgrav * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change), 6337b5038d7SDag-Erling Smørgrav which fixes resolv.conf reading badly terminated string buffers. 6347b5038d7SDag-Erling Smørgrav * Fix ldns_pkt_set_random_id to be more random, and a little faster, 6357b5038d7SDag-Erling Smørgrav it did not do value 0 statistically correctly. 6367b5038d7SDag-Erling Smørgrav * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes, 6377b5038d7SDag-Erling Smørgrav for portability. 6387b5038d7SDag-Erling Smørgrav * bug295: nsec3-hash routine no longer case sensitive. 6397b5038d7SDag-Erling Smørgrav * bug298: drill failed nsec3 denial of existence proof. 6407b5038d7SDag-Erling Smørgrav 6417b5038d7SDag-Erling Smørgrav1.6.3 2009-12-04 6427b5038d7SDag-Erling Smørgrav * Bugfix: allow for unknown resource records in zonefile with rdlen=0. 6437b5038d7SDag-Erling Smørgrav * Bugfix: also mark an RR as question if it comes from the wire 6447b5038d7SDag-Erling Smørgrav * Bugfix: NSEC3 bitmap contained NSEC 6457b5038d7SDag-Erling Smørgrav * Bugfix: Inherit class when creating signatures 6467b5038d7SDag-Erling Smørgrav 6477b5038d7SDag-Erling Smørgrav1.6.2 2009-11-12 6487b5038d7SDag-Erling Smørgrav * Fix Makefile patch from Havard Eidnes, better install.sh usage. 6497b5038d7SDag-Erling Smørgrav * Fix parse error on SOA serial of 2910532839. 6507b5038d7SDag-Erling Smørgrav Fix print of ';' and readback of '\;' in names, also for '\\'. 6517b5038d7SDag-Erling Smørgrav Fix parse of '\(' and '\)' in names. Also for file read. Also '\.' 6527b5038d7SDag-Erling Smørgrav * Fix signature creation when TTLs are different for RRs in RRset. 6537b5038d7SDag-Erling Smørgrav * bug273: fix so EDNS rdata is included in pkt to wire conversion. 6547b5038d7SDag-Erling Smørgrav * bug274: fix use of c++ keyword 'class' for RR class in the code. 6557b5038d7SDag-Erling Smørgrav * bug275: fix memory leak of packet edns rdata. 6567b5038d7SDag-Erling Smørgrav * Fix timeout procedure for TCP and AXFR on Solaris. 6577b5038d7SDag-Erling Smørgrav * Fix occasional NSEC bitmap bogus 6587b5038d7SDag-Erling Smørgrav * Fix rr comparing (was in reversed order since 1.6.0) 6597b5038d7SDag-Erling Smørgrav * bug278: fix parsing HINFO rdata (and other cases). 6607b5038d7SDag-Erling Smørgrav * Fix previous owner name: also pick up if owner name is @. 6617b5038d7SDag-Erling Smørgrav * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher. 6627b5038d7SDag-Erling Smørgrav Reason for this default is the root to be signed with RSASHA256. 6637b5038d7SDag-Erling Smørgrav * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines 6647b5038d7SDag-Erling Smørgrav * Fix: Make ldns_dname_is_subdomain case insensitive. 6657b5038d7SDag-Erling Smørgrav * Fix ldns-verify-zone so that address records at zone NS set are not considered glue 6667b5038d7SDag-Erling Smørgrav (Or glue records fall below delegation) 6677b5038d7SDag-Erling Smørgrav * Fix LOC RR altitude printing. 6687b5038d7SDag-Erling Smørgrav * Feature: Added period (e.g. '3m6d') support at explicit TTLs. 6697b5038d7SDag-Erling Smørgrav * Feature: DNSKEY rrset by default signed with minimal signatures 6707b5038d7SDag-Erling Smørgrav but -A option for ldns-signzone to sign it with all keys. 6717b5038d7SDag-Erling Smørgrav This makes the DNSKEY responses smaller for signed domains. 6727b5038d7SDag-Erling Smørgrav 6737b5038d7SDag-Erling Smørgrav1.6.1 2009-09-14 6747b5038d7SDag-Erling Smørgrav * --enable-gost : use the GOST algorithm (experimental). 6757b5038d7SDag-Erling Smørgrav * Added some missing options to drill manpage 6767b5038d7SDag-Erling Smørgrav * Some fixes to --without-ssl option 677*5afab0e5SDag-Erling Smørgrav * Fixed quote parsing within strings 6787b5038d7SDag-Erling Smørgrav * Bitmask fix in EDNS handling 6797b5038d7SDag-Erling Smørgrav * Fixed non-fqdn domain name completion for rdata field domain 6807b5038d7SDag-Erling Smørgrav names of length 1 6817b5038d7SDag-Erling Smørgrav * Fixed chain validation with SHA256 DS records 6827b5038d7SDag-Erling Smørgrav 6837b5038d7SDag-Erling Smørgrav1.6.0 6847b5038d7SDag-Erling Smørgrav Additions: 6857b5038d7SDag-Erling Smørgrav * Addition of an ldns-config script which gives cflags and libs 6867b5038d7SDag-Erling Smørgrav values, for use in configure scripts for applications that use 6877b5038d7SDag-Erling Smørgrav use ldns. Can be disabled with ./configure --disable-ldns-config 6887b5038d7SDag-Erling Smørgrav * Added direct sha1, sha256, and sha512 support in ldns. 6897b5038d7SDag-Erling Smørgrav With these functions, all NSEC3 functionality can still be 6907b5038d7SDag-Erling Smørgrav used, even if ldns is built without OpenSSL. Thanks to OpenBSD, 6917b5038d7SDag-Erling Smørgrav Steve Reid, and Aaron D. Gifford for the code. 6927b5038d7SDag-Erling Smørgrav * Added reading/writing support for the SPF Resource Record 6937b5038d7SDag-Erling Smørgrav * Base32 functions are now exported 6947b5038d7SDag-Erling Smørgrav Bugfixes: 6957b5038d7SDag-Erling Smørgrav * ldns_is_rrset did not go through the complete rrset, but 6967b5038d7SDag-Erling Smørgrav only compared the first two records. Thanks to Olafur 6977b5038d7SDag-Erling Smørgrav Gudmundsson for report and patch 6987b5038d7SDag-Erling Smørgrav * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(), 6997b5038d7SDag-Erling Smørgrav thanks to Marius Rieder for finding an patching this. 7007b5038d7SDag-Erling Smørgrav * --without-ssl should now work. Make sure that examples/ and 7017b5038d7SDag-Erling Smørgrav drill also get the --without-ssl flag on their configure, if 7027b5038d7SDag-Erling Smørgrav this is used. 7037b5038d7SDag-Erling Smørgrav * Some malloc() return value checks have been added 7047b5038d7SDag-Erling Smørgrav * NSEC3 creation has been improved wrt to empty nonterminals, 7057b5038d7SDag-Erling Smørgrav and opt-out. 7067b5038d7SDag-Erling Smørgrav * Fixed a bug in the parser when reading large NSEC3 salt 7077b5038d7SDag-Erling Smørgrav values. 7087b5038d7SDag-Erling Smørgrav * Made the allowed length for domain names on wire 7097b5038d7SDag-Erling Smørgrav and presentation format the same. 7107b5038d7SDag-Erling Smørgrav Example tools: 7117b5038d7SDag-Erling Smørgrav * ldns-key2ds can now also generate DS records for keys without 7127b5038d7SDag-Erling Smørgrav the SEP flag 7137b5038d7SDag-Erling Smørgrav * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to 7147b5038d7SDag-Erling Smørgrav the first non-default DNSKEY TTL value it sees) 7157b5038d7SDag-Erling Smørgrav 7167b5038d7SDag-Erling Smørgrav1.5.1 7177b5038d7SDag-Erling Smørgrav Example tools: 7187b5038d7SDag-Erling Smørgrav * ldns-signzone was broken in 1.5.0 for multiple keys, this 7197b5038d7SDag-Erling Smørgrav has been repaired 7207b5038d7SDag-Erling Smørgrav 7217b5038d7SDag-Erling Smørgrav Build system: 7227b5038d7SDag-Erling Smørgrav * Removed a small erroneous output warning in 7237b5038d7SDag-Erling Smørgrav examples/configure and drill/configure 7247b5038d7SDag-Erling Smørgrav 7257b5038d7SDag-Erling Smørgrav1.5.0 7267b5038d7SDag-Erling Smørgrav Bug fixes: 7277b5038d7SDag-Erling Smørgrav * fixed a possible memory overflow in the RR parser 7287b5038d7SDag-Erling Smørgrav * build flag fix for Sun Studio 7297b5038d7SDag-Erling Smørgrav * fixed a building race condition in the copying of header 7307b5038d7SDag-Erling Smørgrav files 7317b5038d7SDag-Erling Smørgrav * EDNS0 extended rcode; the correct assembled code number 7327b5038d7SDag-Erling Smørgrav is now printed (still in the EDNS0 field, though) 7337b5038d7SDag-Erling Smørgrav * ldns_pkt_rr no longer leaks memory (in fact, it no longer 7347b5038d7SDag-Erling Smørgrav copies anything all) 7357b5038d7SDag-Erling Smørgrav 7367b5038d7SDag-Erling Smørgrav API addition: 7377b5038d7SDag-Erling Smørgrav * ldns_key now has support for 'external' data, in which 7387b5038d7SDag-Erling Smørgrav case the OpenSSL EVP structures are not used; 7397b5038d7SDag-Erling Smørgrav ldns_key_set_external_key() and ldns_key_external_key() 7407b5038d7SDag-Erling Smørgrav * added ldns_key_get_file_base_name() which creates a 7417b5038d7SDag-Erling Smørgrav 'default' filename base string for key storage, of the 7427b5038d7SDag-Erling Smørgrav form "K<zone>+<algorithm>+<keytag>" 7437b5038d7SDag-Erling Smørgrav * the ldns_dnssec_* family of structures now have deep_free() 7447b5038d7SDag-Erling Smørgrav functions, which also free the ldns_rr's contained in them 7457b5038d7SDag-Erling Smørgrav * there is now an ldns_match_wildcard() function, which checks 7467b5038d7SDag-Erling Smørgrav whether a domain name matches a wildcard name 7477b5038d7SDag-Erling Smørgrav * ldns_sign_public has been split up; this resulted in the 7487b5038d7SDag-Erling Smørgrav addition of ldns_create_empty_rrsig() and 7497b5038d7SDag-Erling Smørgrav ldns_sign_public_buffer() 7507b5038d7SDag-Erling Smørgrav 7517b5038d7SDag-Erling Smørgrav Examples: 7527b5038d7SDag-Erling Smørgrav * ldns-signzone can now automatically add DNSKEY records when 7537b5038d7SDag-Erling Smørgrav using an OpenSSL engine, as it already did when using key 7547b5038d7SDag-Erling Smørgrav files 7557b5038d7SDag-Erling Smørgrav * added new example tool: ldns-nsec3-hash 7567b5038d7SDag-Erling Smørgrav * ldns-dpa can now filter on specific query name and types 7577b5038d7SDag-Erling Smørgrav * ldnsd has fixes for the zone name, a fix for the return 7587b5038d7SDag-Erling Smørgrav value of recvfrom(), and an memory initialization fix 7597b5038d7SDag-Erling Smørgrav (Thanks to Colm MacCárthaigh for the patch) 7607b5038d7SDag-Erling Smørgrav * Fixed memory leaks in ldnsd 7617b5038d7SDag-Erling Smørgrav 7627b5038d7SDag-Erling Smørgrav 7637b5038d7SDag-Erling Smørgrav 7647b5038d7SDag-Erling Smørgrav1.4.1 7657b5038d7SDag-Erling Smørgrav Bug fixes: 7667b5038d7SDag-Erling Smørgrav * fixed a build issue where ldns lib existence was done too early 7677b5038d7SDag-Erling Smørgrav * removed unnecessary check for pcap.h 7687b5038d7SDag-Erling Smørgrav * NSEC3 optout flag now correctly printed in string output 7697b5038d7SDag-Erling Smørgrav * inttypes.h moved to configured inclusion 7707b5038d7SDag-Erling Smørgrav * fixed NSEC3 type bitmaps for empty nonterminals and unsigned 7717b5038d7SDag-Erling Smørgrav delegations 7727b5038d7SDag-Erling Smørgrav 7737b5038d7SDag-Erling Smørgrav API addition: 7747b5038d7SDag-Erling Smørgrav * for that last fix, we added a new function 7757b5038d7SDag-Erling Smørgrav ldns_dname_add_from() that can clone parts of a dname 7767b5038d7SDag-Erling Smørgrav 7777b5038d7SDag-Erling Smørgrav1.4.0 7787b5038d7SDag-Erling Smørgrav Bug fixes: 7797b5038d7SDag-Erling Smørgrav * sig chase return code fix (patch from Rafael Justo, bug id 189) 7807b5038d7SDag-Erling Smørgrav * rdata.c memory leaks on error and allocation checks fixed (patch 7817b5038d7SDag-Erling Smørgrav from Shane Kerr, bug id 188) 7827b5038d7SDag-Erling Smørgrav * zone.c memory leaks on error and allocation checks fixed (patch 7837b5038d7SDag-Erling Smørgrav from Shane Kerr, bug id 189) 784*5afab0e5SDag-Erling Smørgrav * ldns-zsplit output and error messages fixed (patch from Shane Kerr, 7857b5038d7SDag-Erling Smørgrav bug id 190) 7867b5038d7SDag-Erling Smørgrav * Fixed potential buffer overflow in ldns_str2rdf_dname 7877b5038d7SDag-Erling Smørgrav * Signing code no longer signs delegation NS rrsets 7887b5038d7SDag-Erling Smørgrav * Some minor configure/makefile updates 7897b5038d7SDag-Erling Smørgrav * Fixed a bug in the randomness initialization 7907b5038d7SDag-Erling Smørgrav * Fixed a bug in the reading of resolv.conf 7917b5038d7SDag-Erling Smørgrav * Fixed a bug concerning whitespace in zone data (with patch from Ondrej 7927b5038d7SDag-Erling Smørgrav Sury, bug 213) 7937b5038d7SDag-Erling Smørgrav * Fixed a small fallback problem in axfr client code 7947b5038d7SDag-Erling Smørgrav 7957b5038d7SDag-Erling Smørgrav API CHANGES: 7967b5038d7SDag-Erling Smørgrav * added 2str convenience functions: 7977b5038d7SDag-Erling Smørgrav - ldns_rr_type2str 7987b5038d7SDag-Erling Smørgrav - ldns_rr_class2str 7997b5038d7SDag-Erling Smørgrav - ldns_rr_type2buffer_str 8007b5038d7SDag-Erling Smørgrav - ldns_rr_class2buffer_str 8017b5038d7SDag-Erling Smørgrav * buffer2str() is now called ldns_buffer2str 8027b5038d7SDag-Erling Smørgrav * base32 and base64 function names are now also prepended with ldns_ 8037b5038d7SDag-Erling Smørgrav * ldns_rr_new_frm_str() now returns an error on missing RDATA fields. 8047b5038d7SDag-Erling Smørgrav Since you cannot read QUESTION section RRs with this anymore, 8057b5038d7SDag-Erling Smørgrav there is now a function called ldns_rr_new_question_frm_str() 8067b5038d7SDag-Erling Smørgrav 8077b5038d7SDag-Erling Smørgrav LIBRARY FEATURES: 8087b5038d7SDag-Erling Smørgrav * DS RRs string representation now add bubblebabble in a comment 8097b5038d7SDag-Erling Smørgrav (patch from Jakob Schlyter) 8107b5038d7SDag-Erling Smørgrav * DLV RR type added 8117b5038d7SDag-Erling Smørgrav * TCP fallback system has been improved 8127b5038d7SDag-Erling Smørgrav * HMAC-SHA256 TSIG support has been added. 813*5afab0e5SDag-Erling Smørgrav * TTLS are now correctly set in NSEC(3) records when signing zones 8147b5038d7SDag-Erling Smørgrav 8157b5038d7SDag-Erling Smørgrav EXAMPLE TOOLS: 8167b5038d7SDag-Erling Smørgrav * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 8177b5038d7SDag-Erling Smørgrav * ldns-testpkts has been fixed and updated 8187b5038d7SDag-Erling Smørgrav * ldns-signzone now has the option to not add the DNSKEY 8197b5038d7SDag-Erling Smørgrav * ldns-signzone now has an (full zone only) opt-out option for 8207b5038d7SDag-Erling Smørgrav NSEC3 8217b5038d7SDag-Erling Smørgrav * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys 8227b5038d7SDag-Erling Smørgrav * ldns-walk output has been fixed 8237b5038d7SDag-Erling Smørgrav * ldns-compare-zones has been fixed, and now has an option 8247b5038d7SDag-Erling Smørgrav to show all differences (-a) 8257b5038d7SDag-Erling Smørgrav * ldns-read-zone now has an option to print DNSSEC records only 8267b5038d7SDag-Erling Smørgrav 8277b5038d7SDag-Erling Smørgrav1.3 8287b5038d7SDag-Erling Smørgrav Base library: 8297b5038d7SDag-Erling Smørgrav 8307b5038d7SDag-Erling Smørgrav * Added a new family of functions based around ldns_dnssec_zone, 8317b5038d7SDag-Erling Smørgrav which is a new structure that keeps a zone sorted through an 8327b5038d7SDag-Erling Smørgrav rbtree and links signatures and NSEC(3) records directly to their 8337b5038d7SDag-Erling Smørgrav RRset. These functions all start with ldns_dnssec_ 8347b5038d7SDag-Erling Smørgrav 8357b5038d7SDag-Erling Smørgrav * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but 8367b5038d7SDag-Erling Smørgrav have been changed to internally use the new 8377b5038d7SDag-Erling Smørgrav ldns_dnssec_zone_sign(_nsec3) 8387b5038d7SDag-Erling Smørgrav 8397b5038d7SDag-Erling Smørgrav * Moved some ldns_buffer functions inline, so a clean rebuild of 8407b5038d7SDag-Erling Smørgrav applications relying on those is needed (otherwise you'll get 8417b5038d7SDag-Erling Smørgrav linker errors) 8427b5038d7SDag-Erling Smørgrav * ldns_dname_label now returns one extra (zero) 8437b5038d7SDag-Erling Smørgrav byte, so it can be seen as an fqdn. 8447b5038d7SDag-Erling Smørgrav * NSEC3 type code update for signing algorithms. 8457b5038d7SDag-Erling Smørgrav * DSA key generation of DNSKEY RRs fixed (one byte too small). 8467b5038d7SDag-Erling Smørgrav 8477b5038d7SDag-Erling Smørgrav * Added support for RSA/SHA256 and RSA/SHA512, as specified in 8487b5038d7SDag-Erling Smørgrav draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not 8497b5038d7SDag-Erling Smørgrav final, and this feature is not enabled by default. It can be 8507b5038d7SDag-Erling Smørgrav enabled at compilation time with the flag --with-sha2 8517b5038d7SDag-Erling Smørgrav 8527b5038d7SDag-Erling Smørgrav * Added 2wire_canonical family of functions that lowercase dnames 8537b5038d7SDag-Erling Smørgrav in rdata fields in resource records of the types in the list in 8547b5038d7SDag-Erling Smørgrav rfc3597 8557b5038d7SDag-Erling Smørgrav 8567b5038d7SDag-Erling Smørgrav * Added base32 conversion functions. 8577b5038d7SDag-Erling Smørgrav 8587b5038d7SDag-Erling Smørgrav * Fixed DSA RRSIG conversion when calling OpenSSL 8597b5038d7SDag-Erling Smørgrav 8607b5038d7SDag-Erling Smørgrav Drill: 8617b5038d7SDag-Erling Smørgrav 8627b5038d7SDag-Erling Smørgrav * Chase output is completely different, it shows, in ascii, the 8637b5038d7SDag-Erling Smørgrav relations in the trust hierarchy. 8647b5038d7SDag-Erling Smørgrav 8657b5038d7SDag-Erling Smørgrav Examples: 8667b5038d7SDag-Erling Smørgrav * Added ldns-verify-zone, that can verify the internal DNSSEC records 8677b5038d7SDag-Erling Smørgrav of a signed BIND-style zone file 8687b5038d7SDag-Erling Smørgrav 8697b5038d7SDag-Erling Smørgrav * ldns-keygen now takes an -a argument specifying the algorithm, 8707b5038d7SDag-Erling Smørgrav instead of -R or -D. -a list show a list of supported algorithms 8717b5038d7SDag-Erling Smørgrav 8727b5038d7SDag-Erling Smørgrav * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 8737b5038d7SDag-Erling Smørgrav for RSA key generation 8747b5038d7SDag-Erling Smørgrav 8757b5038d7SDag-Erling Smørgrav * ldns-signzone now has support for HSMs 8767b5038d7SDag-Erling Smørgrav * ldns-signzone uses the new ldns_dnssec_ structures and functions 8777b5038d7SDag-Erling Smørgrav which improves its speed, and output; RRSIGS are now placed 8787b5038d7SDag-Erling Smørgrav directly after their RRset, NSEC(3) records directly after the 8797b5038d7SDag-Erling Smørgrav name they handle 8807b5038d7SDag-Erling Smørgrav 8817b5038d7SDag-Erling Smørgrav Contrib: 8827b5038d7SDag-Erling Smørgrav * new contrib/ dir with user contributions 8837b5038d7SDag-Erling Smørgrav * added compilation script for solaris (thanks to Jakob Schlyter) 8847b5038d7SDag-Erling Smørgrav 8857b5038d7SDag-Erling Smørgrav28 Nov 2007 1.2.2: 8867b5038d7SDag-Erling Smørgrav * Added support for HMAC-MD5 keys in generator 8877b5038d7SDag-Erling Smørgrav * Added a new example tool (written by Ondrej Sury): ldns-compare-zones 888*5afab0e5SDag-Erling Smørgrav * ldns-keygen now checks key sizes for rfc conformance 8897b5038d7SDag-Erling Smørgrav * ldns-signzone outputs SSL error if present 8907b5038d7SDag-Erling Smørgrav * Fixed manpages (thanks to Ondrej Sury) 8917b5038d7SDag-Erling Smørgrav * Fixed Makefile for -j <x> 8927b5038d7SDag-Erling Smørgrav * Fixed a $ORIGIN error when reading zones 8937b5038d7SDag-Erling Smørgrav * Fixed another off-by-one error 8947b5038d7SDag-Erling Smørgrav 8957b5038d7SDag-Erling Smørgrav03 Oct 2007 1.2.1: 8967b5038d7SDag-Erling Smørgrav * Fixed an offset error in rr comparison 8977b5038d7SDag-Erling Smørgrav * Fixed ldns-read-zone exit code 8987b5038d7SDag-Erling Smørgrav * Added check for availability of SHA256 hashing algorithm 8997b5038d7SDag-Erling Smørgrav * Fixed ldns-key2ds -2 argument 9007b5038d7SDag-Erling Smørgrav * Fixed $ORIGIN bug in .key files 9017b5038d7SDag-Erling Smørgrav * Output algorithms as an integer instead of their mnemonic 9027b5038d7SDag-Erling Smørgrav * Fixed a memory leak in dnssec code when SHA256 is not available 9037b5038d7SDag-Erling Smørgrav * Updated fedora .spec file 9047b5038d7SDag-Erling Smørgrav 9057b5038d7SDag-Erling Smørgrav11 Apr 2007 1.2.0: 9067b5038d7SDag-Erling Smørgrav * canonicalization of rdata in DNSSEC functions now adheres to the 9077b5038d7SDag-Erling Smørgrav rr type list in rfc3597, not rfc4035, which will be updated 9087b5038d7SDag-Erling Smørgrav (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html) 9097b5038d7SDag-Erling Smørgrav * ldns-walk now support dnames with maximum label length 9107b5038d7SDag-Erling Smørgrav * ldnsd now takes an extra argument containing the address to listen on 9117b5038d7SDag-Erling Smørgrav * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset 9127b5038d7SDag-Erling Smørgrav * ported to Solaris 10 9137b5038d7SDag-Erling Smørgrav * added ldns_send_buffer() function 9147b5038d7SDag-Erling Smørgrav * added ldns-testpkts fake packet server 9157b5038d7SDag-Erling Smørgrav * added ldns-notify to send NOTIFY packets 9167b5038d7SDag-Erling Smørgrav * ldns-dpa can now accurately calculate the number of matches per 9177b5038d7SDag-Erling Smørgrav second 9187b5038d7SDag-Erling Smørgrav * libtool is now used for compilation too (still gcc, but not directly) 9197b5038d7SDag-Erling Smørgrav * Bugfixes: 9207b5038d7SDag-Erling Smørgrav - TSIG signing buffer size 9217b5038d7SDag-Erling Smørgrav - resolv.conf reading (comments) 9227b5038d7SDag-Erling Smørgrav - dname comparison off by one error 9237b5038d7SDag-Erling Smørgrav - typo in keyfetchers output file name fixed (a . too much) 9247b5038d7SDag-Erling Smørgrav - fixed zone file parser when comments contain ( or ) 9257b5038d7SDag-Erling Smørgrav - fixed LOC RR type 9267b5038d7SDag-Erling Smørgrav - fixed CERT RR type 9277b5038d7SDag-Erling Smørgrav 9287b5038d7SDag-Erling Smørgrav Drill: 9297b5038d7SDag-Erling Smørgrav * drill prints error on failed axfr. 9307b5038d7SDag-Erling Smørgrav * drill now accepts mangled packets with -f 9317b5038d7SDag-Erling Smørgrav * old -c option (use tcp) changed to -t 9327b5038d7SDag-Erling Smørgrav * -c option to specify alternative resolv.conf file added 9337b5038d7SDag-Erling Smørgrav * feedback of signature chase improved 9347b5038d7SDag-Erling Smørgrav * chaser now stops at root when no trusted keys are found 9357b5038d7SDag-Erling Smørgrav instead of looping forever trying to find the DS for . 9367b5038d7SDag-Erling Smørgrav * Fixed bugs: 9377b5038d7SDag-Erling Smørgrav - wildcard on multiple labels signature verification 9387b5038d7SDag-Erling Smørgrav - error in -f packet writing for malformed packets 9397b5038d7SDag-Erling Smørgrav - made KSK check more resilient 9407b5038d7SDag-Erling Smørgrav 9417b5038d7SDag-Erling Smørgrav7 Jul 2006: 1.1.0: ldns-team 9427b5038d7SDag-Erling Smørgrav * Added tutorials and an introduction to the documentation 9437b5038d7SDag-Erling Smørgrav * Added include/ and lib/ dirs so that you can compile against ldns 9447b5038d7SDag-Erling Smørgrav without installing ldns on your system 9457b5038d7SDag-Erling Smørgrav * Makefile updates 9467b5038d7SDag-Erling Smørgrav * Starting usage of assert throughout the library to catch illegal calls 9477b5038d7SDag-Erling Smørgrav * Solaris 9 testing was carried out. Ldns now compiles on that 9487b5038d7SDag-Erling Smørgrav platform; some gnuism were identified and fixed. 9497b5038d7SDag-Erling Smørgrav * The ldns_zone structure was stress tested. The current setup 9507b5038d7SDag-Erling Smørgrav (ie. just a list of rrs) can scale to zone file in order of 9517b5038d7SDag-Erling Smørgrav megabytes. Sorting such zone is still difficult. 9527b5038d7SDag-Erling Smørgrav * Reading multiline b64 encoded rdata works. 9537b5038d7SDag-Erling Smørgrav * OpenSSL was made optional, configure --without-ssl. 9547b5038d7SDag-Erling Smørgrav Ofcourse all dnssec/tsig related functions are disabled 9557b5038d7SDag-Erling Smørgrav * Building of examples and drill now happens with the same 9567b5038d7SDag-Erling Smørgrav defines as the building of ldns itself. 9577b5038d7SDag-Erling Smørgrav * Preliminary sha-256 support was added. Currently is your 9587b5038d7SDag-Erling Smørgrav OpenSSL supports it, it is supported in the DS creation. 9597b5038d7SDag-Erling Smørgrav * ldns_resolver_search was implemented 9607b5038d7SDag-Erling Smørgrav * Fixed a lot of bugs 9617b5038d7SDag-Erling Smørgrav 9627b5038d7SDag-Erling Smørgrav Drill: 9637b5038d7SDag-Erling Smørgrav * -r was killed in favor of -o <header bit mnemonic> which 9647b5038d7SDag-Erling Smørgrav allows for a header bits setting (and maybe more in the 9657b5038d7SDag-Erling Smørgrav future) 966*5afab0e5SDag-Erling Smørgrav * DNSSEC is never automatically set, even when you query 9677b5038d7SDag-Erling Smørgrav for DNSKEY/RRSIG or DS. 9687b5038d7SDag-Erling Smørgrav * Implement a crude RTT check, it now distinguishes between 9697b5038d7SDag-Erling Smørgrav reachable and unreachable. 9707b5038d7SDag-Erling Smørgrav * A form of secure tracing was added 9717b5038d7SDag-Erling Smørgrav * Secure Chasing has been improved 9727b5038d7SDag-Erling Smørgrav * -x does a reverse lookup for the given IP address 9737b5038d7SDag-Erling Smørgrav 9747b5038d7SDag-Erling Smørgrav Examples: 9757b5038d7SDag-Erling Smørgrav * ldns-dpa was added to the examples - this is the Dns Packet 9767b5038d7SDag-Erling Smørgrav Analyzer tool. 9777b5038d7SDag-Erling Smørgrav * ldnsd - as very, very simple nameserver impl. 978*5afab0e5SDag-Erling Smørgrav * ldns-zsplit - split zones for parallel signing 9797b5038d7SDag-Erling Smørgrav * ldns-zcat - cat split zones back together 9807b5038d7SDag-Erling Smørgrav * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, 9817b5038d7SDag-Erling Smørgrav non-DNSSEC) anti-spoofing techniques. 9827b5038d7SDag-Erling Smørgrav * ldns-walk - 'Walks' a DNSSEC signed zone 9837b5038d7SDag-Erling Smørgrav * Added an all-static target to the makefile so you can use examples 9847b5038d7SDag-Erling Smørgrav without installing the library 9857b5038d7SDag-Erling Smørgrav * When building in the source tree or in a direct subdirectory of 9867b5038d7SDag-Erling Smørgrav the build dir, configure does not need --with-ldns=../ anymore 9877b5038d7SDag-Erling Smørgrav 9887b5038d7SDag-Erling Smørgrav Code: 9897b5038d7SDag-Erling Smørgrav * All networking code was moved to net.c 9907b5038d7SDag-Erling Smørgrav * rdata.c: added asserts to the rdf set/get functions 9917b5038d7SDag-Erling Smørgrav * const keyword was added to pointer arguments that 9927b5038d7SDag-Erling Smørgrav aren't changed 9937b5038d7SDag-Erling Smørgrav 9947b5038d7SDag-Erling Smørgrav API: 9957b5038d7SDag-Erling Smørgrav Changed: 9967b5038d7SDag-Erling Smørgrav * renamed ldns/dns.h to ldns/ldns.h 997*5afab0e5SDag-Erling Smørgrav * ldns_rr_new_frm_str() is extended with an extra variable which 9987b5038d7SDag-Erling Smørgrav in common use may be NULL. This trickles through to: 9997b5038d7SDag-Erling Smørgrav o ldns_rr_new_frm_fp 10007b5038d7SDag-Erling Smørgrav o ldns_rr_new_frm_fp_l 10017b5038d7SDag-Erling Smørgrav Which also get an extra variable 10027b5038d7SDag-Erling Smørgrav Also the function has been changed to return a status message. 10037b5038d7SDag-Erling Smørgrav The compiled RR is returned in the first argument. 10047b5038d7SDag-Erling Smørgrav * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are 10057b5038d7SDag-Erling Smørgrav changed to return a status msg. 10067b5038d7SDag-Erling Smørgrav * ldns_key_new_frm_fp is changed to return ldns_status and 10077b5038d7SDag-Erling Smørgrav the actual key list in the first argument 10087b5038d7SDag-Erling Smørgrav * ldns_rdata_new_frm_fp[_l]() are changed to return a status. 10097b5038d7SDag-Erling Smørgrav the rdf is return in the first argument 10107b5038d7SDag-Erling Smørgrav * ldns_resolver_new_frm_fp: same treatment: return status and 10117b5038d7SDag-Erling Smørgrav the new resolver in the first argument 10127b5038d7SDag-Erling Smørgrav * ldns_pkt_query_new_frm_str(): same: return status and the 10137b5038d7SDag-Erling Smørgrav packet in the first arg 10147b5038d7SDag-Erling Smørgrav * tsig.h: internal used functions are now static: 10157b5038d7SDag-Erling Smørgrav ldns_digest_name and ldns_tsig_mac_new 10167b5038d7SDag-Erling Smørgrav * ldns_key_rr2ds has an extra argument to specify the hash to 10177b5038d7SDag-Erling Smørgrav use. 10187b5038d7SDag-Erling Smørgrav * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode 10197b5038d7SDag-Erling Smørgrav is now the rcode type, like ldns_pkt_opcode 10207b5038d7SDag-Erling Smørgrav New: 10217b5038d7SDag-Erling Smørgrav * ldns_resolver_searchlist_count: return the searchlist counter 10227b5038d7SDag-Erling Smørgrav * ldns_zone_sort: Sort a zone 10237b5038d7SDag-Erling Smørgrav * ldns_bgsend(): background send, returns a socket. 10247b5038d7SDag-Erling Smørgrav * ldns_pkt_empty(): check is a packet is empty 10257b5038d7SDag-Erling Smørgrav * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list 10267b5038d7SDag-Erling Smørgrav * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list 10277b5038d7SDag-Erling Smørgrav * ldns_rr_list_compare(): compare 2 ldns_rr_lists 10287b5038d7SDag-Erling Smørgrav * ldns_pkt_push_rr_list: rr_list equiv for rr 10297b5038d7SDag-Erling Smørgrav * ldns_pkt_safe_push_rr_list: rr_list equiv for rr 10307b5038d7SDag-Erling Smørgrav Removed: 10317b5038d7SDag-Erling Smørgrav * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now 10327b5038d7SDag-Erling Smørgrav * ldns_udp_server_connect(): was faulty and isn't really part of 10337b5038d7SDag-Erling Smørgrav the core ldns idea any how. 10347b5038d7SDag-Erling Smørgrav * ldns_rr_list_insert_rr(): obsoleted, because not used. 10357b5038d7SDag-Erling Smørgrav * char *_when was removed from the ldns_pkt structure 10367b5038d7SDag-Erling Smørgrav 10377b5038d7SDag-Erling Smørgrav18 Oct 2005: 1.0.0: ldns-team 1038*5afab0e5SDag-Erling Smørgrav * Committed a patch from Håkan Olsson 10397b5038d7SDag-Erling Smørgrav * Added UPDATE support (Jakob Schlyter and Håkan Olsson) 10407b5038d7SDag-Erling Smørgrav * License change: ldns is now BSD licensed 10417b5038d7SDag-Erling Smørgrav * ldns now depends on SSL 10427b5038d7SDag-Erling Smørgrav * Networking code cleanup, added (some) server udp/tcp support 10437b5038d7SDag-Erling Smørgrav * A zone type is introduced. Currently this is a list 10447b5038d7SDag-Erling Smørgrav of RRs, so it will not scale well. 10457b5038d7SDag-Erling Smørgrav * [beta] Zonefile parsing was added 10467b5038d7SDag-Erling Smørgrav * [tools] Drill was added to ldns - see drill/ 10477b5038d7SDag-Erling Smørgrav * [tools] experimental signer was added 10487b5038d7SDag-Erling Smørgrav * [building] better check for ssl 10497b5038d7SDag-Erling Smørgrav * [building] major revision of build system 10507b5038d7SDag-Erling Smørgrav * [building] added rpm .spec in packaging/ (thanks to Paul Wouters) 10517b5038d7SDag-Erling Smørgrav * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter 10527b5038d7SDag-Erling Smørgrav and Paul Wouters) 10537b5038d7SDag-Erling Smørgrav 10547b5038d7SDag-Erling Smørgrav28 Jul 2005: 0.70: ldns-team 10557b5038d7SDag-Erling Smørgrav * [func] ldns_pkt_get_section now returns copies from the rrlists 10567b5038d7SDag-Erling Smørgrav in the packet. This can be freed by the user program 10577b5038d7SDag-Erling Smørgrav * [code] added ldns_ prefixes to function from util.h 10587b5038d7SDag-Erling Smørgrav * [inst] removed documentation from default make install 10597b5038d7SDag-Erling Smørgrav * Usual fixes in documentation and code 10607b5038d7SDag-Erling Smørgrav 10617b5038d7SDag-Erling Smørgrav20 Jun 2005: 0.66: ldns-team 10627b5038d7SDag-Erling Smørgrav Rel. Focus: drill-pre2 uses some functions which are 10637b5038d7SDag-Erling Smørgrav not in 0.65 10647b5038d7SDag-Erling Smørgrav * dnssec_cd bit function was added 10657b5038d7SDag-Erling Smørgrav * Zone infrastructure was added 10667b5038d7SDag-Erling Smørgrav * Usual fixes in documentation and code 10677b5038d7SDag-Erling Smørgrav 10687b5038d7SDag-Erling Smørgrav13 Jun 2005: 0.65: ldns-team 10697b5038d7SDag-Erling Smørgrav * Repository is online at: 10707b5038d7SDag-Erling Smørgrav http://www.nlnetlabs.nl/ldns/svn/ 1071*5afab0e5SDag-Erling Smørgrav * Apply reference copying throughout ldns, except in 2 10727b5038d7SDag-Erling Smørgrav places in the ldns_resolver structure (._domain and 10737b5038d7SDag-Erling Smørgrav ._nameservers) 10747b5038d7SDag-Erling Smørgrav * Usual array of bugfixes 10757b5038d7SDag-Erling Smørgrav * Documentation added 10767b5038d7SDag-Erling Smørgrav * keygen.c added as an example for DNSSEC programming 10777b5038d7SDag-Erling Smørgrav 10787b5038d7SDag-Erling Smørgrav23 May 2005: 0.60: ldns-team 10797b5038d7SDag-Erling Smørgrav * Removed config.h from the header installed files 1080*5afab0e5SDag-Erling Smørgrav (you're not supposed to include that in a library) 10817b5038d7SDag-Erling Smørgrav * Further tweaking 10827b5038d7SDag-Erling Smørgrav - DNSSEC signing/verification works 10837b5038d7SDag-Erling Smørgrav - Assorted bug fixes and tweaks (memory management) 10847b5038d7SDag-Erling Smørgrav 10857b5038d7SDag-Erling SmørgravMay 2005: 0.50: ldns-team 10867b5038d7SDag-Erling Smørgrav * First usable release 10877b5038d7SDag-Erling Smørgrav * Basic DNS functionality works 10887b5038d7SDag-Erling Smørgrav * DNSSEC validation works 1089