BIND 8.3.5 Release BIND 8.3.5 is a maintenance release of BIND 8.3. This is expected to be the last release of BIND 8.3 except for security issues. The recommended version to use is BIND 9.2.2. If for whatever reason you must run BIND 8, use nothing earlier than 8.2.7-REL, 8.3.4-REL. Do not under any circumstances run BIND 4. ` Highlights vs. 8.3.4 Maintenance release. Highlights vs. 8.3.3 Security Fix DoS and buffer overrun. Highlights vs. 8.3.2 Security Fix libbind. All applications linked against libbind need to re-linked. 'rndc restart' now preserves named's arguments Highlights vs. BIND 8.3.1: dig, nslookup, host and nsupdate have improved IPv6 support. Highlights vs. BIND 8.3.0: Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you need to upgrade. the distribution files are: ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-src.tar.gz ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-doc.tar.gz ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-contrib.tar.gz the pgp signature files are: ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-src.tar.gz.asc ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-doc.tar.gz.asc ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-contrib.tar.gz.asc the md5 checksums are: MD5 (bind-contrib.tar.gz) = 8844176966590eb0f027a1a393b42ab0 MD5 (bind-contrib.tar.gz.asc) = 47b5feb7dfb9cc855d7c29b9c582d2ff MD5 (bind-doc.tar.gz) = 7323a28e682faed324dbf4ffe0c98b8f MD5 (bind-doc.tar.gz.asc) = 4881b4a8ee6b9d30a9e917d1eaca00d9 MD5 (bind-src.tar.gz) = 38ebddba14dd99a194d0ad866d92ba80 MD5 (bind-src.tar.gz.asc) = fffead8bfc16dd2f50aed2c9ed21c30c Windows NT / Windows 2000 binary distribution. There will be no Windows binary release of BIND 8.3.5. The current Windows binary release is BIND 8.4.0. top of CHANGES says: --- 8.3.5-REL released --- (Mon Jun 2 03:15:53 PDT 2003) 1540. [bug] remove potential memory leak from net_data_create(). 1537. [bug] dig buffer overrun with large command lines. 1535. [bug] winnt: large zone transfers failed. 1536. [cleanup] use NS_MAXMSG to define TCP buffers. 1534. [func] The advertised EDNS UDP buffer size can now be set via named.conf (edns-udp-size). 1533. [bug] don't artificially restrict the update message size. 1532. [bug] use maximum sized answer buffers in res_findzonecut(). 1530. [bug] nslookup computed incorrect reverse lookup for IPv6. 1529. [lint] unused variable in dnsquery.c::main(). 1528. [bug] getaddrinfo() incorrectly rejected a numeric service under certian circumstances. 1527. [proto] add ns_t_apl (42). 1526. [doc] res_{get,set}servers(). 1523. [bug] getipnodebyname with AI_ADDRCONFIG set was broken on HPUX 11.11. Detect IPv6 interfaces under linux. 1519. [port] decunix: conflicting setnetgrent() and innetgr() prototypes. 1518. [cleanup] silence "No root nameservers for class XX" when "forward only;" is set in options. 1517. [cleanup] stop using putshort/putlong internally. 1513. [bug] use ipnodes.{byname,byaddr} for IPv6 NIS lookups. Add support for "YP_MULTI_". 1511. [cleanup] don't use argument names in function prototypes. 1510. [port] openbsd uses /bsd not /kernel. 1506. [bug] named could sometimes set tc incorrectly. 1505. [bug] potential overflow if pointer arithmetic wrapped. 1503. [bug] named could make unnecessary queries for glue if the additional section was full. 1501. [port] decunix: OSF 3.2 does not have native 64 bit support. 1500. [port] linux: namespace collision. 1499. [port] linux: #include bin/dig/dig.c 1498. [bug] ns_makecanon() could under read its destination buffer by one character and fail to properly canonicalise. 1497. [bug] res_mkupdate() used compression pointers when it shouldn't. 1496. [bug] res_mkupdate() didn't support NAPTR. 1494. [bug] memory leak on thread destruction if gethostbyname() / getnetbyname() have been called by the thread. 1493. [bug] check scope for link local servers. 1492. [placeholder] 1491. [cleanup] indentation problems. 1490. [bug] the seek offset was miscalculated when truncating the ixfr log. 1489. [func] named no longer queries for missing additional A6 records. 1488. [port] decunix: TruCluster support. See port/decunix/TruCluster. 1487. [bug] getnetgroup() takes (char **) not (const char **). 1486. [func] res_query() now generates more/better debug on failure 1485. [func] res_send() records the nameserver the response came from. Dig retrieves this rather than reporting the first address. 1484. [bug] dig use sin.sin_port for IPv4. 1483. [bug] nslookup could dereference a NULL pointer under certain circumstances. 1482. [bug] provide local storage for localtime_r result. 1481. [bug] tv.tv_sec and time_t are not always the same type. 1480. [bug] gethostbyname(), getaddrinfo() could drop address if the previous call contained one of the new addresses. 1479. [func] try known lame servers if all other servers have failed. 1478. [cleanup] libbind: don't look for A6 records, don't follow DNAME record (use the CNAMES), remove some bitstring related functions. 1477. [cleanup] libbind: namespace cleanup (irs_* to __irs*, dst_* to __dst_* and tree_* to __tree*) 1476. [bug] dig wasn't using a random query id. 1475. [bug] "query-source address port *" failed to use a system assigned port as documented. 1474. [bug] named wasn't seeing cached NODATA CNAME records. 1473. [bug] nslookup: buffer overrun when looking up reverse IPv6 addresses under IP6.INT when not found under IP6.ARPA. 1472. [port] freebsd; current has pselect(). 1471. [port] 'dig -P' failed on some platforms. 1470. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. 1467. [deleted] 1461. [func] return referrals for glue (NS/A/AAAA) if recursion is disabled (recursion no;). 1460. [bug] NS_MD5RSA_MAX_BITS was not correct. 1459. [bug] ns_sign2() could fail to compute a correct signature if the TSIG ownername was compressed. 1458. [bug] host: spurious "Unknown algorithm" message with default zone listing. missing white space before '(' in SOA format. 1457. [bug] bison didn't like ns_parser.y. 1456. [doc] document auth-nxdomain default is "no" (see # 524). 1455. [bug] named failed to allow a cached NODATA response for a ANY query to be retrieved. 1454. [contrib] nsverifier from Bob.Whelton@qwest.com. 1453. [bug] SOA answers should only be cached for the current tick. 1452. [bug] don't cache -ve response SOA record. 1451. [port] bsdos: maybe_fix_includes is not required. 1450. [bug] hint zones don't need to be reloaded when a "child" zone is removed. 1449. [bug] it was possible to orphan glue records. this could lead to panics in stale(). 1438. [bug] glue from a parent zone beneath a child zone could be deleted by loading a child zone. 1437. [bug] linux: probe_ipv6 was broken. 1436. [port] decunix: update sys/bitypes.h 1435. [func] named-xfer: log the zone name when reporting query sent. 1434. [doc] the man page for dn_expand failed to document eomorig. 1433. [lint] remove unused variable. 1432. [func] log TSIG key name if used with zone transfer. 1431. [func] new category "update-security". 1430. [func] libbind: the default nameservers now include ::1/:: as well as 127.0.0.1/0.0.0.0 if none are specified in resolv.conf. 1429. [port] libbind: use strlcat/strlcpy if available. 1428. [port] eventlib.c: cast tv_sec to long when calling *printf(). 1427. [func] define INT8SZ 1426. [port] res_dprintf() now supports format checking w/ gcc. 1425. [bug] 'aa' was not being set appropriately with cross zone CNAMES. 1424. [cleanup] ip6_str2scopeid() now returns u_int32_t. 1423. [bug] 'ndc restart' could fail to restart named if there were no arguments to named. 1422. [cleanup] optarg() etc. are declared in unistd.h. 1421. [bug] clear and check errno when calling strtoul(). 1420. [cleanup] use %p instead of %#x for printing pointers. 1419. [cleanup] getinfo(): kill buflen manipulation. 1418. [port] cast pointers to (size_t) when aligning. 1417. [cleanup] make1101inaddr(): kill size manipulation. 1416. [port] log_vwrite() now supports format checking w/ gcc. 1415. [port] irix: probe for in6addr_any. 1414. [bug] strtoul() cast (char*) to (unsigned char*). 1413. [bug] host: soa values are not signed. 1412. [bug] fix numeric port range check in getaddrinfo(). 1411. [port] freebsd/netbsd/openbsd: #define USE_IFNAMELINKID. 1410. [port] probe for sin6_scope_id when probing for IPv6 structs. 1409. [bug] dig: reverse6 computed a incorrect nibble string. 1408. [cleanup] res_mkquery.c: kill buflen manipulation. 1407. [port] namespace clash EV_ERR -> EV_SETERR --- 8.3.4-REL released --- (Thu Nov 14 05:45:26 PST 2002)