@(#)RELEASE_NOTES e07@nikhef.nl (Eric Wassenaar) 951231

yymmdd      Description of changes per release
TODO        Things that still need to be done
WISHLIST    Wishes expressed by various people
NOTES       Important issues to keep in mind
MISC        Miscellaneous reminders

# ----------------------------------------------------------------------
# Description of changes per release
# ----------------------------------------------------------------------

951231
    Cosmetic changes.
        Print all relevant messages in debug mode to stdout, and
        appropriately prefix them with ";; " to conform with the
        BIND 4.9.3 conventions.
    Miscellaneous changes.
        Consider the all-ones broadcast address a fake address.

951024
    Avoid potential alignment conflicts.
        Allocate socket addresses of type struct sockaddr_in instead
        of type struct sockaddr. The first one has stricter alignment
        restrictions, although they have the same size.
    Correct various misspellings.
        Noted by Keith Bostic

950925
    Portability fix.
        Refine type definitions for the arguments to various resolver
        routines to be even more backward compatible, and to avoid
        compilation or lint warning messages on new platforms.
        It should run clean on BSD44 systems.
    There are no functional changes in this release.

950923
    Add new -z option to list delegated zones in a zone.
        This is a new variant of the zone listing specials.
        A zone transfer is done, and only the names of the
        encountered delegated zones are printed.
        This option is undocumented, and subject to change.
    Sort list of delegated zones alphabetically.
        Before acting on delegated zones during zone listings,
        sort them in alphabetical order for prettier output.
    Portability fix.
        The BIND 4.9.3 resolver routines require the passed buffer
        arguments to be of type u_char instead of char. This causes
        a prototype mismatch for HOST_RES_SEND.
        Mentioned by Geert Jan de Groot
    Minor command option functionality change.
        The -L flag, when given without any other list mode option,
        now implies the -l option.
    Miscellaneous code cleanup.
        Pass the name of the actually contacted server during zone
        listings in a more elegant way.
        Avoid (harmless) lint warnings on picky platforms.

950822
    Fix bug in recursive lookup handling.
        During recursive lookups, e.g. when following CNAME chains,
        querynames are always assumed to be already fully qualified,
        and must be tried ``as is''. The classical example of a CNAME
        that points to the pseudo "localhost.", or an erroneously
        dot-terminated single name, should not be subject to local
        aliasing or search list processing. They were.
        Reported by Alexander Dupuy

950809
    Portability fix.
        Check for SVR4 as well as for SYSV in port.h, which is
        necessary for compilation via the master BIND Makefile.
        Suggested by
    There are no functional changes in this release.

950502
    Maintain hash list for zone name lookups.
        This should not be really necessary for most practical
        purposes, but it makes processing of the .in-addr.arpa zone
        and even the .COM zone at least feasible. The latter still
        requires quite a lot of memory, and some cpu time to filter
        out the glue records from its 50000 A records and 110000 NS
        records.
        The toplevel zone count as of today is:
            COM             50000 delegated zones
            IN-ADDR.ARPA    30000 delegated zones
            ORG              5000 delegated zones
            NET              3000 delegated zones
            EDU              2000 delegated zones
    Suppress various checks in quiet mode.
        This avoids costly checks and achieves some speedup in cases
        that nothing would have been printed anyway.
    Supply alternative recv_sock() module.
        The select() system call may fail on the solaris 2.4 platform
        without appropriate patches. An alarm can be used instead, at
        the cost of extra system call overhead.

950429
    Fix bug in error reporting.
        The name and address of the contacted server during zone
        listings could be clobbered by intermediate calls to
        res_send().

950427
    Fix glitch in host name lookup.
        New entry would be inadvertently added to the hash list in
        case the MAXHOSTS limit was reached.
    Miscellaneous changes.
        Speedup comparison of zone names and host names by looking
        up zone names in the host name hash list.

950407
    Maintain hash list for host name lookups.
        A linear search through the per-zone host name table becomes
        very costly for zones with several thousands of hosts.
        Significant speedup is achieved. Even for recursive listings
        of many small zones the reduction of total processing time is
        noticeable.

950318
    Increase (static) maximum number of hosts.
        This avoids imposing arbitrary limits in most cases.

950302
    Prevent zone transfer for certain zones.
        Some zones are known to contain bogus information. E.g.
        definition of A records for all possible addresses in a
        class-B network will bias the hostcount.
        Add new -N option to define an explicit list of zones for
        which a zone transfer is deliberately skipped.
        Requested by Peter Koch
    Miscellaneous code cleanup.
        Split off various tasks from monolithic list_zone().
        Invert the double matching loop in sort_servers().
        Fix glitch when comparing matching domain labels.

950115
    Sort list of nameservers for a zone.
        When the NS records for a zone are issued in BIND 4.9
        round-robin fashion, this may yield an unfavorable order for
        doing zone transfers. Apply some heuristic to sort them
        according to preference, giving priority to servers within
        your own domain or parent domains.
        Add new option -P to define an explicit list of domains of
        preferred servers, giving priority to matching ones.
        Suggested by Marten Terpstra
    Don't suppress certain rr data any more.
        The preference value in the MX/RT/PX records and the version
        number in the AFSDB record was suppressed in non-verbose
        mode, unless the -T option was specified. These values are
        now printed by default.
        Requested by Geert Jan de Groot

941210
    Adapt implementation of LOC RR.
        The binary data format has already changed twice: the four
        4-bit fields are now four 8-bit fields, and log2 encoding has
        changed to power-of-10 encoding.
        Support for this will be incorporated in BIND 4.9.3.
        Still undocumented in the host manual page.

941206
    Compatibility with BIND 4.9.3.
        The NOCHANGE query response has now been conditionally
        defined via #ifdef ALLOW_UPDATES. Older versions of BIND may
        still return this (should have been FORMERR).
    Improve error reporting.
        Define a special h_errno status SERVER_FAILURE for the case
        a SERVFAIL query response is returned. This is used to report
        lame delegations during SOA checking or zone transfers.
        Servers may return this code when the zone data has expired
        altogether. This is not a TRY_AGAIN situation if such server
        is authoritative.
        Suggested by Peter Koch
        Rename special status NOT_AVAILABLE to QUERY_REFUSED.
    Various minor changes.
        Check for invalid characters in T_AAAA record names.
        Print optional protocol and port from T_A record after a
        comment sign. Not sure whether this has ever been used.

941129
    Implement LOC RR as defined by preliminary draft-RFC.
        Requires conversion routines for spherical position, vertical
        position, and precision.
        Tested on big-endian, little-endian, Alpha, Cray.
        This is only a pre-release. Undocumented until RFC gets
        public.

941125
    Recognize new RR types as reserved by RFC 1700.
    Implement PX RR type as defined per RFC 1664.
    Implement GPOS RR type as defined per RFC 1712.
    Include few simple utility scripts.
        These are just examples of wrappers to host.
            nslookup -- emulate most functions of the real one.
            mxlookup -- lookup records at each of its servers.

941006
    Lessen restrictions for certain tests.
        The checks for invalid underscores and canonical host names
        were suppressed during recursive zone listings on all levels.
        They are now suppressed only when not operating on the base
        level. This enables the checks during the ``host -C -L 1''
        command.
    Extend functionality of -A option.
        If the -A flag is specified along with any explicit list mode
        option, it enables reversed address checking.
        The address of each encountered A record is reverse mapped,
        and it is checked whether it is registered and maps back to
        the A record name.
        This flag can safely be specified in the ``host -CA -L 1''
        command.
    Add new -W option to list wildcard records in a zone.
        This is a new variant of the zone listing specials.
        A zone transfer is done, and only wildcard records are
        printed. The default resource record type is MX.
        This option is undocumented, and subject to change.

941004
    Improve printout.
        Include conversion of the various time values from the SOA
        record in the comment part during ordinary printout.

941002
    Call alternative res_debug print routine if available.
        In BIND 4.9.* an alternative module is present which accepts
        (as it should) the size of the query buffer.
    Rearrange include files.
        Move configuration definitions to new conf.h.

940917
    Improve support for NSAP records, as per RFC 1637.
        Print ordinary NSAP addresses with separating dots, after
        the 1-byte AFI, then after every 2 bytes.
        Add new option -n to generate reverse NSAP within the
        nsap.int domain, similar to the -i option.
        Print reverse NSAP in forward notation, unless forced to
        print full zone file format.

940911
    Verify that some host names are canonical.
        This is formally required, but also in practice highly
        desirable. The target hosts in NS and MX records only are
        verified, being the most crucial.
        Currently the test is skipped during recursive zone
        processing, to avoid excessive output of non-canonical MX
        targets.
        When figuring out the nameservers for a zone before doing a
        zone transfer, a non-canonical nameserver name is always
        reported.
    Report illegal domain names.
        This is now done by default for 'host' related domain names.
        The A and MX record names and NS and MX target names are
        checked only.
        Only alphanumeric characters and hyphen '-' are valid.
        Currently the reporting of names containing underscores is
        suppressed during recursive zone listings, to avoid excessive
        output of such illegal host names.
        During SOA checking, an illegal primary or hostmaster is
        always reported.
    Document the -I option.
        This option no longer triggers the checking of invalid
        characters in names.
        To suppress illegal underscore messages, use "-I _".
        To show them during recursive listings, use "-I ''".
    Modify various messages.
        Make some warning messages slightly shorter, and start the
        message with the resource record or zone name.
        Most of the SOA check messages have been affected.
        Remove the answer buf offset in the incomplete HINFO warning
        messages.
    Improve error reporting.
        Include the name of an explicit server in ns_error() messages
        describing h_errno. This was already done for the errno
        messages.
        Include the server name also in ns_error() messages after a
        failing zone transfer from that server.
        Define a special h_errno status NOT_AVAILABLE for the case a
        query was explicitly refused. Some servers are configured to
        refuse zone transfers.
    Major update of manual page.
        Explain some more failure messages.
        Explain most of the common warning and error messages.

940819
    Modify various messages.
        Include the server name in messages reporting failures and
        problems during zone transfers.
    Implement ttl consistency checks.
        Multiple records of same name/type/class should have the same
        ttl value in zone listings. This is now checked.
        A suitable hash function is needed to minimize overhead. The
        approach is similar to the function used in sendmail.
        This has been a long standing wish from Peter Koch
    Various speedup fixes.
        Avoid unnecessary indomain() calls during zone listings.

940713
    Modify various messages.
        Replace some of the ``extraneous'' messages with a more
        descriptive text.
        Include name and type of the query in messages reporting
        format errors in the response.
        Include zone name in error messages during SOA check.
    Revise check for valid names.
        If a domain name refers to a ``mailbox'', the part up to the
        first unquoted dot is the ``local part'' to which the RFC 822
        syntax rules apply.

940623
    Revise res_send() strategy.
        Mark bad server status for certain conditions which make it
        unlikely that we will succeed during the next try. Operating
        system failures are not in this category.
        Nameserver unreachable status is now reported in a more
        reliable fashion. A second try would sometimes timeout.
        (May be useful for monitoring the upcoming summer 1994
        reshuffling of EBONE/EuropaNET/NSFnet interconnections).
    Facelift for socket I/O routines.
        Systematically use _res_close() to close a connection.
        Include the answer packet length in debug printout.
    Extend resolver initialization.
        Set initial query ID to some arbitrary number.
    Various speedup fixes.
        Avoid unnecessary strlen() calls during zone listings.
        Check whether the resource record data must be printed
        outside the print routine to avoid unnecessary overhead.
        Use bcopy() instead of sprintf() in obvious cases.
    Better output format control.
        In non-verbose and non-debug mode, only pure resource record
        output is written to stdout.
        Add new -Z option to force resource record output to be in
        full zone listing format, including trailing dot in domain
        names, plus ttl value and class indicator.
    Rearrange include files.
        Define resource record structures in rrec.h.
        Function declarations moved to defs.h.

940615
    Various portability changes.
        Avoid use of sizeof() for all entities that have a fixed
        field width, and use predefined constants instead. This is
        necessary for systems without 16 or 32 bit integers.
        Fix use of ipaddr_t and struct in_addr appropriately.
        All this makes the utility portable to e.g. Cray.
    Save and restore state during recursive lookup.
        Error codes could be clobbered during MAILB tracing.
    Miscellaneous minor code cleanup.

940603
    Fix implementation for -F option properly.
        Exchanging the role of stdout and the logfile now works on
        all platforms.
        Asked by Artur Romao

940526
    Combine explicit server and -p option.
        If both are specified, the explicit server is contacted to
        retrieve the desired servers for the given zone during zone
        listing/checking modes. This is useful for checking zones
        that have not been registered yet.
        Requested by Geert Jan de Groot
    Rudimentary support for NSAP records.
        This is still very experimental. It is unclear how an NSAP
        address should be encoded in the resource record, and how its
        hierarchical structure is decided.
        Inspired by the 4.9 diffs from cisco.com.

940317
    Print SOA serial always as an unsigned value.
        Warn about ``extraordinary'' serial if high bit is set.
    Reset errno to avoid stale values.
        Could happen when doing multiple gethostbyaddr() calls in
        extended mode when the BIND res_send() is linked in.
        Problem noted by
    Solaris portability fix.
        For solaris 2.x use res_gethostby{addr,name} modules to force
        dns lookups. The __switch_gethostby{addr,name} modules have
        disappeared in solaris 2.3.

930926
    Extend -I option with argument containing allowed chars.
        This string specifies formally illegal, but silently allowed
        characters when checking illegal domain names. The -I option
        is still necessary to enable checking. Still done only for
        resource record names in listings.
        Note that some hesiod names contain the '/' character.
        Indicated by Peter Koch.
    Additional SOA record checks.
        Check hostmaster field for illegal chars, such as '@' (needed
        as long as data field names are not checked).
    Revised SOA record checks.
        Check primary field against list of known nameservers. Issue
        warning if not among the authoritative servers. This may be
        intentional in special cases, however.
        Required some code reshuffling.
    Add new -M option to list mailable subdomains in a zone.
        This is a new variant of the zone listing specials.
        A zone transfer is done (without listing anything by default)
        to determine the available delegated zones. For each of these
        zones, the MX records are printed.
        Experimental, undocumented. Insufficient too: you really want
        to see also the domains for which only an MX record exists.
    Cleanup terminology in the code documentation.
        Remove the word 'subdomain' and cleanup the confusion between
        'domain' versus 'zone'.
    Update manual page.
        Use terminology that is technically more correct.
        Explain various things that were still missing.

930919
    Print actual name that was queried in error messages.
        Formerly, only the (possibly abbreviated) queryname as
        specified on the command line was printed. Special care must
        be given if domain search is enabled, especially in the
        enforced BIND compatibility mode. Looks much better.
        Asked by
    Some more SOA record tests.
        Some records have the name of the zone specified in the field
        that should contain the name of the primary server.
    Miscellaneous minor changes.
        Slightly modify the nameserver name printout during -C.
        Set proper h_errno when answer buffer counts are corrupt.
    Add new -V option to print version number.
        Define version in separate vers.c
    Use class mnemonics as defined in RFC 1035.
        Print 'CH' instead of 'CHAOS'. Anyone using this ?
        Recognize obsolete 'CS' or 'CSNET'. Pretty useless.
        Just for ultimate completeness.
    Check for invalid characters in domain names.
        Only alphanumeric characters and hyphen '-' are valid.
        Unfortunately, the use of underscore '_' is widespread, so
        issuing a warning by default is unrealistic. Therefore:
    Add new -I option to warn about illegal domain names.
        Currently done only for resource record names during zone
        listing. Could be extended to domain names in data fields.
        Perhaps a warning by default in case illegal other than
        underscore.
        Option is still undocumented as the semantics are subject to
        change.

930915
    Add -R option to always first try search domains.
        Normally querynames are assumed to be fully qualified and are
        tried as such, unless it is a single name which is always
        tried, and only once, in the default domain.
        This option sets RES_DNSRCH and simulates the default BIND
        behavior, with the exception that NO_DATA status terminates
        the search immediately.
        With the additional otherwise undocumented -B option the BIND
        behavior is fully enforced and the search continues.
        Added only for testing purposes, not for general use.
    Few more BIND 4.9 compatibility changes.
        Some resolver routines have gotten new argument types.
    Adapt Makefile to BIND conventions.
        The Makefile can be used completely stand-alone, or can be
        invoked from the master BIND Makefile.
        Affects names of various (inherited) make variables.
        Change BIND_RES_SEND to HOST_RES_SEND with opposite meaning.
        Default is HOST_RES_SEND in case stand-alone.

930911
    Extension of user interface.
        Allow multiple arguments on command line or from stdin.
        Requires new syntax for specifying explicit server.
        New options -x and '-X server' indicate extended syntax.
        Quite a lot reshuffling of code.
        Urgently requested by and Paul Vixie
    Configurable default options.
        Use an environment variable HOST_DEFAULTS to pre-define
        default options and parameters. These are interpolated in
        front of the command line arguments before scanning.
        Syntax is the same as the command line syntax.
    Fix bug when querying single name without dot.
        Not only the default domain, but also the eventual other
        search domains would be tried, although DNSRCH is off.
        This is a long-standing bug. Very important fix.

930908
    Various declaration changes for portability.
    Print TXT/HINFO/UINFO strings within double quotes.
        It is done both in regular and zone listing output.
        This is conforming the syntax for zone input files.
    Add trailing dot to domain names in zone listing.
        This is conforming the syntax for zone input files.
        The trailing dot is not added in regular output.
    Define exit codes in new exit.h header file.
        This avoids the need to include /usr/ucbinclude when running
        in non-BSD mode on solaris 2.x platforms.
    Attempt to diagnose lame delegations.
        Error messages about lame delegations are given during zone
        listings and when checking SOA records (but only when the
        contacted servers are supposed to be authoritative).
        Also in case servers from NS records turn out not to exist.
        This may need some refinement for special cases.
    Perform some extra checks during zone listings.
        Check for unexpected error status in packets.
            Only the very first packet in response to a transfer
            query can have an error status.
        Issue warning if only a single nameserver found.
            Not an error per se, but not much redundancy then.
            Suggested by Peter Koch.
        Check for anomalous empty zone transfers.
            Transfers consisting of only SOA records could occur if
            we queried the victim of a lame delegation which happened
            to have the SOA record present. Fake an error that will
            result in a lame delegation message.
            Mentioned by Peter Koch.
    Indicate list/check failure/success via exit code.
        Failure status is returned in case any error has been
        reported via errmsg or pr_error (not pr_warning).
        For Ruediger Volk
    Add -o option to suppress rr output to stdout.
        Can be used in combination with -f to separate rr output from
        verbose comments and error output.
    Perform some SOA timer consistency checks.
        Check timer values for anomalies, such as (retry > refresh)
        or (refresh + retry > expire).
        Suggested by Peter Koch.
        Also compare all values instead of just serial.
    More accurate reporting of zones processed.
        Print total number of successful zone transfers versus the
        number of attempted transfers.
        Print count of zones which were successfully processed
        (transferred or -C checked) versus the number of zones
        requested to be processed.
        From this we can deduce the number of transfers that failed
        and the number of times we couldn't find any nameservers.

930901
    Increase MAXNSNAME from 12 to 16.
        This is conforming NSMAX in ns.h
    Don't accumulate statistics if not necessary.
        Skip the costly host count scan in case nothing would be
        reported at all according to the command line options.
    Add some extra checks during zone listings.
        Check for invalid nonzero nscount and arcount.
    Special handling for non-authoritative answers.
        We had already NO_RREC for non-authoritative NO_DATA, but
        non-authoritative HOST_NOT_FOUND would yield TRY_AGAIN.
        Change this to NO_HOST to issue a separate error message.
        This identifies some special cases, e.g. queries for a
        non-existing name using class C_ANY when the nameserver is
        authoritative only for one specific class.
        Use TRY_AGAIN in both cases during zone listing errors.
    Minor declaration changes for portability.
    Add -F option to exchange role of stdout and logfile.
        The '-F file' is the same as '-f file' but all stdout output
        goes to the logfile, and stdout only gets the extra resource
        record output (so that it can be used in pipes).
        Implementation is inherently unportable. Supported only on a
        few platforms where it happens to work.
    Explain status messages in the manual page.
    Include address and name of server in perror messages.
        This gives a lot more information in case stderr and stdout
        are differently redirected.

930830
    Make error checking in some routines uniform.
    Miscellaneous declaration changes.
    Filter resource record class appropriately.
        In zone listings records of different class can show up,
        e.g. HS records are mixed with IN records. Only records of
        the requested class should be processed. This fixes problems
        with recursive zone traversals and inaccurate statistics.
        Pointed out by and . Important fix.
    Include record class, if special, in some output.
        Show the class if it is not the default IN class.
    Include address of duplicate hosts in message.
        This may help to locate the problem.
    Properly concatenate long TXT strings that are split.
        Long TXT strings (>255) are split as of BIND 4.8.3.
        They were displayed incorrectly with TAB separators.
        Problem noted by Peter Koch.
    Cleanup some DNS terminology in output messages.
        Fix some confusion between '(sub)domain' and 'zone'.
        Only done in the output of host, not yet in the
        documentation.
        Pointed out by Peter Koch.
    Implement host address list as hashed list.
        The linear list is replaced with a hashed list, using the
        low-order address bits as the key. This may dramatically
        speed up recursive zone listings. Very important fix.
        Suggested by Peter Koch.
    Miscellaneous portability hooks.
        Add new port.h header file.
    Change u_long to u_int for resource record fields.
        These are fixed 32-bit quantities.
        Note that BIND 4.9 uses u_int32_t for these, but still uses
        (inconsistently) u_short instead of u_int16_t.
        Necessary for port to alpha and BIND 4.9.
    Change u_long to ipaddr_t for 32-bit address fields.
        For the time being, make this identical to u_long for
        non-alpha machines with pre-BIND 4.9 to avoid lint warnings.
        Note that BIND 4.9 uses u_int32_t for these.
        Necessary for port to alpha and BIND 4.9.
    Introduce new typedef for 'struct state'.
        Necessary for BIND 4.9.
    Make all arguments to vararg routines same type.
        No more mixing of arbitrary pointers and ints.
        Only number of arguments is variable.
        Requires few silly interfaces.
        Necessary for port to alpha.
    Add the RELEASE_NOTES file to explain changes.

930209
    Lookup server name with default resolver values.
    Check SOA records without nameserver recursion.
    Implement new RR types from RFC 1183 and 1348.

921005
    Anticipate ultrix specific resolv.h
    Miscellaneous declaration changes.
    Some reshuffling of code.

920702
    Recognize alternative program call names.
    Distinguish between auth and non-auth NO_DATA.

920624
    Lookup server name before changing nameserver address.
    Handle possible truncation in zone transfers.
    Provide private simplified version of res_send().
    Add -u option to force virtual circuit connections.
    Move all socket I/O routines to separate send.c.

920616
    Allocate list of zonenames dynamically, not statically.
    Move and slightly modify the test for fake hosts.
    Suppress host count statistics during inverse listing.
    Miscellaneous documentation updates.

920315
    Improve counting of hosts within domain.
    Discard glue records not directly within domain.
    Keep track of hosts with duplicate address.
    Add -D option to list duplicate hosts.
    Add -E option to list extrazone hosts.
    Miscellaneous casting and typing cleanup.
    Increase (static) number of possible subdomains.

911201
    Option -T also prints MX preference value.
    Save name of longest hostname found (just for fun).
    Undocumented option -g to select long names (fun).

911010
    Don't recurse on cnames if querytype is cname.

910923
    Count gateway hosts (with multiple addresses).
    Add -G option to list gateway hosts.

910905
    Improve counting of hosts within domain.
    Allow hosts not directly within domain.
    Increase (static) maximum number of hosts.

910415
    Improve finding of subdomain names.
    Allow subdomains not directly within domain.
    Check for unauthoritative glue records.
    Add -T option to print ttl when non-verbose.
    Improve connect timeout handling.
    Improve dotted quad parsing.
    Minimum ttl is now called default ttl.

910129
    Maintain count of hosts during domain listings.
    Check for hosts with same name as subdomain.
    Add -H option for special host count mode.
    Recognize obsolete T_MAILA.

# ----------------------------------------------------------------------
# TODO
# ----------------------------------------------------------------------

    Documentation changes.
        References to BIND 4.9, not only 4.8.
    Enhance reverse mapping.
        The new BIND 4.9.* gethostbyaddr() can be configured to
        return host aliases in case multiple PTR records were
        encountered during the reverse lookup. It is unclear what the
        official host name should be. Should perhaps abandon the idea
        of official host name.

# ----------------------------------------------------------------------
# WISHLIST
# ----------------------------------------------------------------------

    Skip printing of second SOA in zone listing.
        Asked by Peter Koch.

# ----------------------------------------------------------------------
# NOTES
# ----------------------------------------------------------------------

    Include files and resolver library.
        If you are linking this utility with an explicit resolver
        library, make sure you will be compiling with the same
        include files that were used to build the resolver library.
        The BIND 4.9 include file is incompatible with the BIND 4.8
        version. This utility can handle both versions, but you
        cannot link with a 4.9 library after compilation with the
        4.8 include files, and vice versa.
    Old resolver libraries.
        The res_mkquery() routine in the SUN-supplied resolver
        library on SunOS <= 4.1.3 adds the default domain to given
        single names if RES_DEFNAMES is set. This is not correct and
        leads to undesired results if you query about toplevel
        domains. It may be a pre-BIND 4.8.2 problem.
        The same behavior is reported in the default ultrix resolver.
        This will not be fixed in host. The documentation states that
        you need BIND 4.8.2 or higher.
        Problem noted by Peter Koch.
    Vendor-specific resolver libraries.
        Some vendors supply resolver libraries with configurable
        lookup strategies for gethostbyname/gethostbyaddr, e.g. to
        consult DNS, NIS, /etc/hosts, or other databases, in specific
        order. Such libraries are to be avoided when linking host.
        It is meant to query the DNS and DNS only.
    SUN's resolver library on solaris 2.x
        If you are on solaris 2.x and you don't have a proper BIND
        resolver library to link with, but have to use the broken
        default library, you can define NO_YP_LOOKUP in the Makefile
        to prevent gethostbyname/gethostbyaddr querying the YP/NIS.
        SUN will probably implement BIND 4.9.3 after its release.

# ----------------------------------------------------------------------
# MISC
# ----------------------------------------------------------------------

    Port to DEC/Alpha with OSF/1.
        Requested by various people.
        This requires basically two adaptations:
        - sizeof(u_long) is 64 bits instead of 32 bits.
          Affects ip address fields and some fixed fields in the
          nameserver query/answer buffers.
        - pointers in C subroutine arguments are 64 bit quantities.
          Affects the varargs modules.
        Suggestions by Dietrich Wiegandt and David Cherkus.
    Compatibility with BIND 4.9.
        Don't use the u_long types any more.
        The 'struct state' is now 'struct __res_state'.
        New resolver library has various hooks for 'dig'.
        New resolver library prints to stdout with leading ";" but
        unfortunately not everywhere. It prints to stderr sometimes
        also with ";" but does not so in the perror() messages.
        (Things have been corrected in BIND 4.9.3).
        BIND 4.9 prints FQDN with trailing dot.
        BIND 4.9 prints TXT strings within double quotes.
    New features of BIND 4.9.3.
        Don't use sizeof() for u_int, u_short, struct in_addr, and
        HEADER, but use predefined constants for entities that have
        a fixed field width.
        A new parameter _res.ndots has been defined.
        The res_search() module may query the given name ``as_is''.
        The res_search() module retries after SERVFAIL.
        The res_send() module marks a bad server status for almost
        every error condition.
        Extra checks are carried out to ensure that a reply packet
        really is the answer to a query: nameserver addresses and
        query fields are compared.
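
The reply check named in the last item above (compare nameserver addresses and query fields), written out as an added example; it is not code from host or from BIND's res_send(). The function names, the status codes, the IPv4-in-host-order address representation and the sample packets are assumptions made for this illustration.

```c
/* Added example: accept a DNS reply only if it answers the query we sent. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12   /* fixed header width, a constant rather than sizeof() */
enum reply_check {
    REPLY_OK, REPLY_BAD_SOURCE, REPLY_SHORT, REPLY_ID_MISMATCH,
    REPLY_NOT_RESPONSE, REPLY_QUESTION_MISMATCH
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Length of the uncompressed name at msg[off], root label included;
   0 if it is malformed or runs past the end of the packet. */
static size_t qname_len(const uint8_t *msg, size_t len, size_t off)
{
    size_t start = off;
    while (off < len) {
        uint8_t l = msg[off];
        if (l == 0) return off - start + 1;
        if (l > 63) return 0;    /* compression pointer or reserved type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Compare two validated names of n bytes each: label lengths exactly,
   label text case-insensitively. */
static int qname_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    size_t i = 0;
    while (i < n) {
        uint8_t l = a[i];
        if (b[i] != l) return 0;
        for (i++; l > 0; l--, i++)
            if (tolower(a[i]) != tolower(b[i])) return 0;
    }
    return 1;
}

/* Addresses are IPv4 in host byte order (an assumption of this example). */
enum reply_check check_reply(const uint8_t *query, size_t qlen,
                             const uint8_t *reply, size_t rlen, uint32_t from,
                             const uint32_t *servers, size_t nservers)
{
    size_t i, qn, rn;
    for (i = 0; i < nservers && servers[i] != from; i++)
        ;
    if (i == nservers) return REPLY_BAD_SOURCE;      /* not a server we asked */
    if (qlen < DNS_HDR_LEN || rlen < DNS_HDR_LEN) return REPLY_SHORT;
    if (get16(reply) != get16(query)) return REPLY_ID_MISMATCH;
    if (!(reply[2] & 0x80)) return REPLY_NOT_RESPONSE;   /* QR bit is clear */
    if (get16(query + 4) != 1 || get16(reply + 4) != 1)
        return REPLY_QUESTION_MISMATCH;              /* strict: one question */
    qn = qname_len(query, qlen, DNS_HDR_LEN);
    rn = qname_len(reply, rlen, DNS_HDR_LEN);
    if (qn == 0 || qn != rn ||
        DNS_HDR_LEN + qn + 4 > qlen || DNS_HDR_LEN + rn + 4 > rlen)
        return REPLY_QUESTION_MISMATCH;
    if (!qname_equal(query + DNS_HDR_LEN, reply + DNS_HDR_LEN, qn) ||
        memcmp(query + DNS_HDR_LEN + qn, reply + DNS_HDR_LEN + rn, 4) != 0)
        return REPLY_QUESTION_MISMATCH;              /* name, type or class */
    return REPLY_OK;
}

/* Constructed sample: query for www.example.com, type A, class IN. */
static const uint8_t sample_query[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1
};
/* Constructed sample reply: question echoed in mixed case, one A record. */
static const uint8_t sample_reply[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    3,'W','W','W', 7,'E','x','a','m','p','l','e', 3,'C','O','M', 0,
    0,1, 0,1,
    0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,10
};
/* Constructed server list: 192.0.2.53 and 192.0.2.54 (documentation range). */
static const uint32_t sample_servers[] = { 0xC0000235u, 0xC0000236u };

int main(void)
{
    const uint32_t from[] = { 0xC0000235u, 0xC6336407u }; /* server, stranger */
    for (int i = 0; i < 2; i++)
        printf("source %08x -> %d\n", (unsigned)from[i],
               check_reply(sample_query, sizeof sample_query, sample_reply,
                           sizeof sample_reply, from[i], sample_servers, 2));
    return 0;
}
```

The check is deliberately strict: a reply that carries no question section, as some error responses do, is reported as a question mismatch rather than accepted.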