1269257Sdes1.6.17 2014-01-10 2269257Sdes * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a 3269257Sdes zone to be an NSEC3 (or its RRSIG) covering an empty non terminal. 4269257Sdes * Add --disable-dane option to configure and check availability of the 5269257Sdes for dane needed X509_check_ca function in openssl. 6269257Sdes * bugfix #490: Get rid of type-punned pointer warnings. 7269257Sdes Thanks Adam Tkac. 8269257Sdes * Make sure executables are linked against libcrypto with the 9269257Sdes LIBSSL_LDFLAGS. Thanks Leo Baltus. 10269257Sdes * Miscellaneous prototype fixes. Thanks Dag-Erling Sm��rgrav. 11269257Sdes * README now shows preferred way to configure for examples and drill. 12269257Sdes * Bind to source address for resolvers. drill binds to source with -I. 13269257Sdes Thanks Bryan Duff. 14269257Sdes * -T option for ldns-dane that has specific exit status for PKIX 15269257Sdes validated connections without (secure) TLSA records. 16269257Sdes * Fix b{32,64}_{ntop,pton} detection and handling. 17269257Sdes * New RR type TKEY, but without operational practice. 18269257Sdes * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA. 19269257Sdes * New output format flag (and accompanying functions) to print certain 20269257Sdes RR's as unknown type 21269257Sdes * -u and -U parameter for ldns-read-zone to mark/unmark a RR type 22269257Sdes for printing as unknown type 23269257Sdes * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen. 24269257Sdes * bugfix #497: Properly test for EOF when reading key files with drill. 25269257Sdes * New functions: ldns_pkt_ixfr_request_new and 26269257Sdes ldns_pkt_ixfr_request_new_frm_str. 27269257Sdes * Use SNI with ldns-dane 28269257Sdes * bugfix #507: ldnsx Fix use of non-existent variables and not 29269257Sdes properly referring to instance variable. Patch from shussain. 30269257Sdes * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type 31269257Sdes dictionary. Patch from shussain. 32269257Sdes * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL 33269257Sdes file pointer. 34269257Sdes * Fix memory leak in contrib/python: ldns_pkt.new_query. 35269257Sdes * Fix buffer overflow in fget_token and bget_token. 36269257Sdes * ldns-verify-zone NSEC3 checking from quadratic to linear performance. 37269257Sdes Thanks NIC MX (nicmexico.mx) 38269257Sdes * ldns-dane setup new ssl session for each new connect to prevent hangs 39269257Sdes * bugfix #521: drill trace continue on empty non-terminals with NSEC3 40269257Sdes * bugfix #525: Fix documentation of ldns_resolver_set_retry 41269257Sdes * Remove unused LDNS_RDF_TYPE_TSIG and associated functions. 42269257Sdes * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek. 43269257Sdes * Configure option to build perl bindings: --with-p5-dns-ldns 44269257Sdes (DNS::LDNS is a contribution from Erik Ostlyngen) 45269257Sdes * bugfix #527: Move -lssl before -lcrypto when linking 46269257Sdes * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) 47269257Sdes * Compare names case insensitive with ldns_pkt_rr_list_by_name and 48269257Sdes ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) 49269257Sdes * A separate --enable for each draft RR type: --enable-rrtype-ninfo, 50269257Sdes --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and 51269257Sdes --enable-rrtype-ta 52269257Sdes * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) 53269257Sdes * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) 54269257Sdes * Adjust ldns_sha1() so that the input data is not modified (Thanks 55269257Sdes Marc Buijsman) 56269257Sdes * Messages to stderr are now off by default and can be reenabled with 57269257Sdes the --enable-stderr-msgs configure option. 58269257Sdes 59246854Sdes1.6.16 2012-11-13 60246854Sdes * Fix Makefile to build pyldns with BSD make 61246854Sdes * Fix typo in exporting b32_* symbols to make pyldns load again 62246854Sdes * Allow leaving the RR owner name empty in ldns-testns datafiles. 63246854Sdes * Fix fail to create NSEC3 bitmap for empty non-terminal (bug 64246854Sdes introduced in 1.6.14). 65246854Sdes 66246854Sdes1.6.15 2012-10-25 67246854Sdes * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns 68246854Sdes binary compatible with earlier releases again. 69246854Sdes 70246854Sdes1.6.14 2012-10-23 71246854Sdes * DANE support (RFC6698), including ldns-dane example tool. 72246854Sdes * Configurable default CA certificate repository for ldns-dane with 73246854Sdes --with-ca-file=CAFILE and --with-ca-path=CAPATH 74246854Sdes * Configurable default trust anchor with --with-trust-anchor=FILE 75246854Sdes for drill, ldns-verify-zone and ldns-dane 76246854Sdes * bugfix #474: Define socklen_t when undefined (like in Win32) 77246854Sdes * bugfix #473: Dead code removal and resource leak fix in drill 78246854Sdes * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. 79246854Sdes * Various bugfixes from code reviews from CZ.NIC and Paul Wouters 80246854Sdes * ldns-notify TSIG option argument checking 81246854Sdes * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's 82246854Sdes in sync. 83246854Sdes * Let ldns_pkt_push_rr now return false on (memory) errors. 84246854Sdes * Make buffer_export comply to documentation and fix buffer2str 85246854Sdes * Various improvements and fixes of pyldns from Katel Slany 86246854Sdes now documented in their own Changelog. 87246854Sdes * bugfix: Make ldns_resolver_pop_nameserver clear the array when 88246854Sdes there was only one. 89246854Sdes * bugfix #459: Remove ldns_symbols and export symbols based on regex 90246854Sdes * bugfix #458: Track all newly created signatures when signing. 91246854Sdes * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. 92246854Sdes * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. 93246854Sdes * pyldns memory handling fixes and the python3/ldns-signzone.py 94246854Sdes examples script contribution from Karel Slany. 95246854Sdes * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed 96246854Sdes to be bigger (or equal) P in ldns_key_dsa2bin. 97246854Sdes * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new. 98246854Sdes * bugfix #448: Copy nameserver value (in stead of reference) of the 99246854Sdes answering nameserver to the answer packet in ldns_send_buffer, so 100246854Sdes the original value may be deep freed with the ldns_resolver struct. 101246854Sdes * New -0 option for ldns-read-zone to replace inception, expiration 102246854Sdes and signature rdata fields with (null). Thanks Paul Wouters. 103246854Sdes * New -p option for ldns-read-zone to prepend-pad SOA serial to take 104246854Sdes up ten characters. 105246854Sdes * Return error if printing RR fails due to unknown/null RDATA. 106246854Sdes 107238104Sdes1.6.13 2012-05-21 108238104Sdes * New -S option for ldns-verify-zone to chase signatures online. 109238104Sdes * New -k option for ldns-verify-zone to validate using a trusted key. 110238104Sdes * New inception and expiration margin options (-i and -e) to 111238104Sdes ldns-verify-zone. 112238104Sdes * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l 113238104Sdes functions. 114238104Sdes * New ldns_duration* functions (copied from OpenDNSSEC source) 115238104Sdes * fix ldns-verify-zone to allow NSEC3 signatures to come before 116238104Sdes the NSEC3 RR in all cases. Thanks Wolfgang Nagele. 117238104Sdes * Zero the correct flag (opt-out) when creating NSEC3PARAMS. 118238104Sdes Thanks Peter van Dijk. 119238104Sdes * Canonicalize RRSIG's Signer's name too when validating, because 120238104Sdes bind and unbound do that too. Thanks Peter van Dijk. 121238104Sdes * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label 122238104Sdes * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free 123238104Sdes * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT 124238104Sdes * bugfix #427: Explicitely link ssl with the programs that use it. 125238104Sdes * Fix reading \DDD: Error on values that are outside range (>255). 126238104Sdes * bugfix #429: fix doxyparse.pl fails on NetBSD because specified 127238104Sdes path to perl. 128238104Sdes * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. 129238104Sdes * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. 130238104Sdes Thanks John Barnitz 131238104Sdes 132238104Sdes1.6.12 2012-01-11 133238104Sdes * bugfix #413: Fix manpage source for srcdir != builddir 134238104Sdes * Canonicalize the signers name rdata field in RRSIGs when signing 135238104Sdes * Ignore minor version of Private-key-format (so v1.3 may be used) 136238104Sdes * Allow a check_time to be given in stead of always checking against 137238104Sdes the current time. With ldns-verify-zone the check_time can be set 138238104Sdes with the -t option. 139238104Sdes * Added functions for updating and manipulating SOA serial numbers. 140238104Sdes ldns-read-zone has an option -S for updating and manipulating the 141238104Sdes serial numbers. 142238104Sdes * The library Makefile is now GNU and BSD make compatible. 143238104Sdes * bugfix #419: NSEC3 validation of a name covered by a wildcard with 144238104Sdes no data. 145238104Sdes * Two new options (--with-drill and --with-examples) to the main 146238104Sdes configure script (in the root of the source tree) to build drill 147238104Sdes and examples too. 148238104Sdes * Fix days_since_epoch to year_yday calculation on 32bits systems. 149238104Sdes 150238104Sdes1.6.11 2011-09-29 151238104Sdes * bugfix #394: Fix socket leak on errors 152238104Sdes * bugfix #392: Apex only and percentage checks for ldns-verify-zone 153238104Sdes (thanks Miek Gieben) 154238104Sdes * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone 155238104Sdes * Fix python site package path from sitelib to sitearch for pyldns. 156238104Sdes * Fix python api to support python2 and python3 (thanks Karel Slany). 157238104Sdes * bugfix #401: Correction of date/time functions algorithm and 158238104Sdes prevention of an infinite loop therein 159238104Sdes * bugfix #402: Correct the minimum and maximum number of rdata fields 160238104Sdes in TSIG. (thanks David Keeler) 161238104Sdes * bugfix #403: Fix heap overflow (thanks David Keeler) 162238104Sdes * bugfix #404: Make parsing APL strings more robust 163238104Sdes (thanks David Keeler) 164238104Sdes * bugfix #391: Complete library assessment to prevent assertion errors 165238104Sdes through ldns_rdf_size usage. 166238104Sdes * Slightly more specific error messaging on wrong number of rdata 167238104Sdes fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and 168238104Sdes LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes. 169238104Sdes * bugfix #406: More rigorous openssl result code handling to prevent 170238104Sdes future crashes within openssl. 171238104Sdes * Fix ldns_fetch_valid_domain_keys to search deeper than just one level 172238104Sdes for a DNSKEY that signed a DS RR. (this function was used in the 173238104Sdes check_dnssec_trace nagios module) 174238104Sdes * bugfix #407: Canonicalize TSIG dnames and algorithm fields 175238104Sdes * A new output specifier to accommodate configuration of what to show 176238104Sdes in comment texts when converting host and/or wire-format data to 177238104Sdes string. All conversion to string and printing functions have a new 178238104Sdes version that have such a format specifier as an extra argument. 179238104Sdes The default is changed so that only DNSKEY RR's are annotated with 180238104Sdes an comment show the Key Tag of the DNSKEY. 181238104Sdes * Fixed the ldns resolver to not mark a nameserver unreachable when 182238104Sdes edns0 is tried unsuccessfully with size 4096 (no return packet came), 183238104Sdes but to still try TCP. A big UDP packet might have been corrupted by 184238104Sdes fragments dropping firewalls. 185238104Sdes * Update of libdns.vim (thanks Miek Gieben) 186238104Sdes * Added the ldnsx Python module to our contrib section, which adds even 187238104Sdes more pythonisticism to the usage of ldns with Python. (Many thanks 188238104Sdes to Christpher Olah and Paul Wouters) 189238104Sdes The ldnsx module is automatically installed when --with-pyldns is 190238104Sdes used with configuring, but may explicitly be excluded with the 191238104Sdes --without-pyldnsx option to configure. 192238104Sdes * bugfix #410: Fix clearing out temporary data on stack in sha2.c 193238104Sdes * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. 194238104Sdes 195238104Sdes1.6.10 2011-05-31 196238104Sdes * New example tool added: ldns-gen-zone. 197238104Sdes * bugfix #359: Serial-arithmetic for the inception and expiration 198238104Sdes fields of a RRSIG and correctly converting them to broken-out time 199238104Sdes information. 200238104Sdes * bugfix #364: Slight performance increase of ldns-verifyzone. 201238104Sdes * bugfix #367: Fix to allow glue records with the same name as the 202238104Sdes delegation. 203238104Sdes * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* 204238104Sdes glue when the zone is opt-out. 205238104Sdes * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, 206238104Sdes ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. 207238104Sdes * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit 208238104Sdes performance) 209238104Sdes * Better handling of reference variables in ldns_rr_new_frm_fp_l from 210238104Sdes pyldns, with a very nice generator function by Bedrich Kosata. 211238104Sdes * Decoupling of the rdfs in rrs in the python wrappers to enable 212238104Sdes the python garbage collector by Bedrich Kosata. 213238104Sdes * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at 214238104Sdes build time and when used. 215238104Sdes * bugfix #383: Fix detection of empty nonterminals of multiple labels. 216238104Sdes * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded 217238104Sdes names (in stead of just the ones that contain glue only) and all 218238104Sdes occluded records on the delegation points (in stead of just the glue). 219238104Sdes * Clarify the operation of ldns_dnssec_mark_glue and the usage of 220238104Sdes ldns_dnssec_node_next_nonglue functions in the documentation. 221238104Sdes * Added function ldns_dnssec_mark_and_get_glue as an real fast 222238104Sdes alternative for ldns_zone_glue_rr_list. 223238104Sdes * Fix parse buffer overflow for max length domain names. 224238104Sdes * Fix Makefile for U in environment, since wrong U is more common than 225238104Sdes deansification necessity. 226238104Sdes 227238104Sdes1.6.9 2011-03-16 228238104Sdes * Fix creating NSEC(3) bitmaps: make array size 65536, 229238104Sdes don't add doubles. 230238104Sdes * Fix printout of escaped binary in TXT records. 231238104Sdes * Parsing TXT records: don't skip starting whitespace that is quoted. 232238104Sdes * bugfix #358: Check if memory was successfully allocated in 233238104Sdes ldns_rdf2str(). 234238104Sdes * Added more memory allocation checks in host2str.c 235238104Sdes * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata. 236238104Sdes * fix to compile python wrapper with swig 2.0.2. 237238104Sdes * Don't fallback to SHA-1 when creating NSEC3 hash with another 238238104Sdes algorithm identifier, fail instead (no other algorithm identifiers 239238104Sdes are assigned yet). 240238104Sdes 241238104Sdes1.6.8 2011-01-24 242238104Sdes * Fix ldns zone, so that $TTL definition match RFC 2308. 243238104Sdes * Fix lots of missing checks on allocation failures and parse of 244238104Sdes NSEC with many types and max parse length in hosts_frm_fp routine 245238104Sdes and off by one in read_anchor_file routine (thanks Dan Kaminsky and 246238104Sdes Justin Ferguson). 247238104Sdes * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS 248238104Sdes records. 249238104Sdes * Print correct WHEN in query packet (is not always 1-1-1970) 250238104Sdes * ldns-test-edns: new example tool that detects EDNS support. 251238104Sdes * fix ldns_resolver_send without openssl. 252238104Sdes * bugfix #342: patch for support for more CERT key types (RFC4398). 253238104Sdes * bugfix #351: fix udp_send hang if UDP checksum error. 254238104Sdes * fix set_bit (from NSEC3 sign) patch from Jan Komissar. 255238104Sdes 256238104Sdes1.6.7 2010-11-08 257238104Sdes * EXPERIMENTAL ecdsa implementation, please do not enable on real 258238104Sdes servers. 259238104Sdes * GOST code enabled by default (RFC 5933). 260238104Sdes * bugfix #326: ignore whitespace between directives and their values. 261238104Sdes * Header comment to advertise ldns_axfr_complete to check for 262238104Sdes successfully completed zone transfers. 263238104Sdes * read resolv.conf skips interface labels, e.g. %eth0. 264238104Sdes * Fix drill verify NSEC3 denials. 265238104Sdes * Use closesocket() on windows. 266238104Sdes * Add ldns_get_signing_algorithm_by_name that understand aliases, 267238104Sdes names changed to RFC names and aliases for compatibility added. 268238104Sdes * bugfix: don't print final dot if the domain is relative. 269238104Sdes * bugfix: resolver search continue when packet rcode != NOERROR. 270238104Sdes * bugfix: resolver push all domains in search directive to list. 271238104Sdes * bugfix: resolver search by default includes the root domain. 272238104Sdes * bugfix: tcp read could fail on single octet recv. 273238104Sdes * bugfix: read of RR in unknown syntax with missing fields. 274238104Sdes * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next() 275238104Sdes to sign and verify TSIG RRs on subsequent messages 276238104Sdes (section 4.4, RFC 2845, thanks to Michael Sheldon). 277238104Sdes * bugfix: signer sigs nsecs with zsks only. 278238104Sdes * bugfix #333: fix ldns_dname_absolute for name ending with backslash. 279238104Sdes 280238104Sdes1.6.6 2010-08-09 281238104Sdes * Fix ldns_rr_clone to copy question rrs properly. 282238104Sdes * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone. 283238104Sdes * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end. 284238104Sdes * Fix ldns_wire2dname from reading 1 byte beyond end for pointer. 285238104Sdes * Fix crash using GOST for particular platform configurations. 286238104Sdes * extern C declarations used in the header file. 287238104Sdes * Removed debug fprintf from resolver.c. 288238104Sdes * ldns-signzone checks if public key file is for the right zone. 289238104Sdes * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib. 290238104Sdes * Fix handling of comments in resolv.conf parse. 291238104Sdes * GOST code enabled if SSL recent, RFC 5933. 292238104Sdes * bugfix #317: segfault util.c ldns_init_random() fixed. 293238104Sdes * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of 294238104Sdes b64_pton_calculate_size. 295238104Sdes * Fix ldns_dname_cat: size calculation and handling of realloc(). 296238104Sdes * Fix ldns_rr_pop_rdf: fix handling of realloc(). 297238104Sdes * Fix ldns-signzone for single type key scheme: sign whole zone if there 298238104Sdes are only KSKs. 299238104Sdes * Fix ldns_resolver: also close socket if AXFR failed (if you don't, 300238104Sdes it would block subsequent transfers (thanks Roland van Rijswijk). 301238104Sdes * Fix drill: allow for a secure trace if you use DS records as trust 302238104Sdes anchors (thanks Jan Komissar). 303238104Sdes 304238104Sdes1.6.5 2010-06-15 305238104Sdes * Catch \X where X is a digit as an error. 306238104Sdes * Fix segfault when ip6 ldns resolver only has ip4 servers. 307238104Sdes * Fix NSEC record after DNSKEY at zone apex not properly signed. 308238104Sdes * Fix syntax error if last label too long and no dot at end of domain. 309238104Sdes * Fix parse of \# syntax with space for type LOC. 310238104Sdes * Fix ldns_dname_absolute for escape sequences, fixes some parse errs. 311238104Sdes * bugfix #297: linking ssl, bug due to patch submitted as #296. 312238104Sdes * bugfix #299: added missing declarations to host2str.h 313238104Sdes * ldns-compare-zones -s to not exclude SOA record from comparison. 314238104Sdes * --disable-rpath fix 315238104Sdes * fix ldns_pkt_empty(), reported by Alex Nicoll. 316238104Sdes * fix ldns_resolver_new_frm_fp not ignore lines after a comment. 317238104Sdes * python code for ldns_rr.new_question_frm_str() 318238104Sdes * Fix ldns_dnssec_verify_denial: the signature selection routine. 319238104Sdes * Type TALINK parsed (draft-ietf-dnsop-trust-history). 320238104Sdes * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and 321238104Sdes ldns_tcp_read_wire_timeout(). 322238104Sdes * GOST support with correct algorithm numbers. The plan is to make it 323238104Sdes enabled if openssl support is detected, but it is disabled by 324238104Sdes default in this release because the RFC is not ready. 325238104Sdes * Fixed comment in rbtree.h about being first member and data ptr. 326238104Sdes * Fixed possibly leak in case of out of memory in ldns_native2rdf... 327238104Sdes * ldns_dname_is_wildcard added. 328238104Sdes * Fixed: signatures over wildcards had the wrong labelcount. 329238104Sdes * Fixed ldns_verify() inconsistent return values. 330238104Sdes * Fixed ldns_resolver to copy and free tsig name, data and algorithm. 331238104Sdes * Fixed ldns_resolver to push search onto searchlist. 332238104Sdes * A ldns resolver now defaults to a non-recursive resolver that handles 333238104Sdes the TC bit. 334238104Sdes * ldns_resolver_print() prints more details. 335238104Sdes * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps 336238104Sdes on 64bit systems. 337238104Sdes * Make ldns_resolver_nameservers_randomize() more random. 338238104Sdes * bugfix #310: POSIX specifies NULL second argument of gettimeofday. 339238104Sdes * fix compiler warnings from llvm clang compiler. 340238104Sdes * bugfix #309: ldns_pkt_clone did not clone the tsig_rr. 341238104Sdes * Fix gentoo ebuild for drill, 'no m4 directory'. 342238104Sdes * bugfix #313: drill trace on an empty nonterminal continuation. 343238104Sdes 344238104Sdes1.6.4 2010-01-20 345238104Sdes * Imported pyldns contribution by Zdenek Vasicek and Karel Slany. 346238104Sdes Changed its configure and Makefile to fit into ldns. 347238104Sdes Added its dname_* methods to the rdf_* class (as is the ldns API). 348238104Sdes Changed swig destroy of ldns_buffer class to ldns_buffer_free. 349238104Sdes Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them. 350238104Sdes * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash. 351238104Sdes * Bugfix: handle escaped characters in TXT rdata. 352238104Sdes * bug292: no longer crash on malformed domain names where a label is 353238104Sdes on position 255, which was a buffer overflow by one. 354238104Sdes * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change), 355238104Sdes which fixes resolv.conf reading badly terminated string buffers. 356238104Sdes * Fix ldns_pkt_set_random_id to be more random, and a little faster, 357238104Sdes it did not do value 0 statistically correctly. 358238104Sdes * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes, 359238104Sdes for portability. 360238104Sdes * bug295: nsec3-hash routine no longer case sensitive. 361238104Sdes * bug298: drill failed nsec3 denial of existence proof. 362238104Sdes 363238104Sdes1.6.3 2009-12-04 364238104Sdes * Bugfix: allow for unknown resource records in zonefile with rdlen=0. 365238104Sdes * Bugfix: also mark an RR as question if it comes from the wire 366238104Sdes * Bugfix: NSEC3 bitmap contained NSEC 367238104Sdes * Bugfix: Inherit class when creating signatures 368238104Sdes 369238104Sdes1.6.2 2009-11-12 370238104Sdes * Fix Makefile patch from Havard Eidnes, better install.sh usage. 371238104Sdes * Fix parse error on SOA serial of 2910532839. 372238104Sdes Fix print of ';' and readback of '\;' in names, also for '\\'. 373238104Sdes Fix parse of '\(' and '\)' in names. Also for file read. Also '\.' 374238104Sdes * Fix signature creation when TTLs are different for RRs in RRset. 375238104Sdes * bug273: fix so EDNS rdata is included in pkt to wire conversion. 376238104Sdes * bug274: fix use of c++ keyword 'class' for RR class in the code. 377238104Sdes * bug275: fix memory leak of packet edns rdata. 378238104Sdes * Fix timeout procedure for TCP and AXFR on Solaris. 379238104Sdes * Fix occasional NSEC bitmap bogus 380238104Sdes * Fix rr comparing (was in reversed order since 1.6.0) 381238104Sdes * bug278: fix parsing HINFO rdata (and other cases). 382238104Sdes * Fix previous owner name: also pick up if owner name is @. 383238104Sdes * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher. 384238104Sdes Reason for this default is the root to be signed with RSASHA256. 385238104Sdes * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines 386238104Sdes * Fix: Make ldns_dname_is_subdomain case insensitive. 387238104Sdes * Fix ldns-verify-zone so that address records at zone NS set are not considered glue 388238104Sdes (Or glue records fall below delegation) 389238104Sdes * Fix LOC RR altitude printing. 390238104Sdes * Feature: Added period (e.g. '3m6d') support at explicit TTLs. 391238104Sdes * Feature: DNSKEY rrset by default signed with minimal signatures 392238104Sdes but -A option for ldns-signzone to sign it with all keys. 393238104Sdes This makes the DNSKEY responses smaller for signed domains. 394238104Sdes 395238104Sdes1.6.1 2009-09-14 396238104Sdes * --enable-gost : use the GOST algorithm (experimental). 397238104Sdes * Added some missing options to drill manpage 398238104Sdes * Some fixes to --without-ssl option 399238104Sdes * Fixed quote parsing withing strings 400238104Sdes * Bitmask fix in EDNS handling 401238104Sdes * Fixed non-fqdn domain name completion for rdata field domain 402238104Sdes names of length 1 403238104Sdes * Fixed chain validation with SHA256 DS records 404238104Sdes 405238104Sdes1.6.0 406238104Sdes Additions: 407238104Sdes * Addition of an ldns-config script which gives cflags and libs 408238104Sdes values, for use in configure scripts for applications that use 409238104Sdes use ldns. Can be disabled with ./configure --disable-ldns-config 410238104Sdes * Added direct sha1, sha256, and sha512 support in ldns. 411238104Sdes With these functions, all NSEC3 functionality can still be 412238104Sdes used, even if ldns is built without OpenSSL. Thanks to OpenBSD, 413238104Sdes Steve Reid, and Aaron D. Gifford for the code. 414238104Sdes * Added reading/writing support for the SPF Resource Record 415238104Sdes * Base32 functions are now exported 416238104Sdes Bugfixes: 417238104Sdes * ldns_is_rrset did not go through the complete rrset, but 418238104Sdes only compared the first two records. Thanks to Olafur 419238104Sdes Gudmundsson for report and patch 420238104Sdes * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(), 421238104Sdes thanks to Marius Rieder for finding an patching this. 422238104Sdes * --without-ssl should now work. Make sure that examples/ and 423238104Sdes drill also get the --without-ssl flag on their configure, if 424238104Sdes this is used. 425238104Sdes * Some malloc() return value checks have been added 426238104Sdes * NSEC3 creation has been improved wrt to empty nonterminals, 427238104Sdes and opt-out. 428238104Sdes * Fixed a bug in the parser when reading large NSEC3 salt 429238104Sdes values. 430238104Sdes * Made the allowed length for domain names on wire 431238104Sdes and presentation format the same. 432238104Sdes Example tools: 433238104Sdes * ldns-key2ds can now also generate DS records for keys without 434238104Sdes the SEP flag 435238104Sdes * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to 436238104Sdes the first non-default DNSKEY TTL value it sees) 437238104Sdes 438238104Sdes1.5.1 439238104Sdes Example tools: 440238104Sdes * ldns-signzone was broken in 1.5.0 for multiple keys, this 441238104Sdes has been repaired 442238104Sdes 443238104Sdes Build system: 444238104Sdes * Removed a small erroneous output warning in 445238104Sdes examples/configure and drill/configure 446238104Sdes 447238104Sdes1.5.0 448238104Sdes Bug fixes: 449238104Sdes * fixed a possible memory overflow in the RR parser 450238104Sdes * build flag fix for Sun Studio 451238104Sdes * fixed a building race condition in the copying of header 452238104Sdes files 453238104Sdes * EDNS0 extended rcode; the correct assembled code number 454238104Sdes is now printed (still in the EDNS0 field, though) 455238104Sdes * ldns_pkt_rr no longer leaks memory (in fact, it no longer 456238104Sdes copies anything all) 457238104Sdes 458238104Sdes API addition: 459238104Sdes * ldns_key now has support for 'external' data, in which 460238104Sdes case the OpenSSL EVP structures are not used; 461238104Sdes ldns_key_set_external_key() and ldns_key_external_key() 462238104Sdes * added ldns_key_get_file_base_name() which creates a 463238104Sdes 'default' filename base string for key storage, of the 464238104Sdes form "K<zone>+<algorithm>+<keytag>" 465238104Sdes * the ldns_dnssec_* family of structures now have deep_free() 466238104Sdes functions, which also free the ldns_rr's contained in them 467238104Sdes * there is now an ldns_match_wildcard() function, which checks 468238104Sdes whether a domain name matches a wildcard name 469238104Sdes * ldns_sign_public has been split up; this resulted in the 470238104Sdes addition of ldns_create_empty_rrsig() and 471238104Sdes ldns_sign_public_buffer() 472238104Sdes 473238104Sdes Examples: 474238104Sdes * ldns-signzone can now automatically add DNSKEY records when 475238104Sdes using an OpenSSL engine, as it already did when using key 476238104Sdes files 477238104Sdes * added new example tool: ldns-nsec3-hash 478238104Sdes * ldns-dpa can now filter on specific query name and types 479238104Sdes * ldnsd has fixes for the zone name, a fix for the return 480238104Sdes value of recvfrom(), and an memory initialization fix 481238104Sdes (Thanks to Colm MacC��rthaigh for the patch) 482238104Sdes * Fixed memory leaks in ldnsd 483238104Sdes 484238104Sdes 485238104Sdes 486238104Sdes1.4.1 487238104Sdes Bug fixes: 488238104Sdes * fixed a build issue where ldns lib existence was done too early 489238104Sdes * removed unnecessary check for pcap.h 490238104Sdes * NSEC3 optout flag now correctly printed in string output 491238104Sdes * inttypes.h moved to configured inclusion 492238104Sdes * fixed NSEC3 type bitmaps for empty nonterminals and unsigned 493238104Sdes delegations 494238104Sdes 495238104Sdes API addition: 496238104Sdes * for that last fix, we added a new function 497238104Sdes ldns_dname_add_from() that can clone parts of a dname 498238104Sdes 499238104Sdes1.4.0 500238104Sdes Bug fixes: 501238104Sdes * sig chase return code fix (patch from Rafael Justo, bug id 189) 502238104Sdes * rdata.c memory leaks on error and allocation checks fixed (patch 503238104Sdes from Shane Kerr, bug id 188) 504238104Sdes * zone.c memory leaks on error and allocation checks fixed (patch 505238104Sdes from Shane Kerr, bug id 189) 506238104Sdes * ldns-zplit output and error messages fixed (patch from Shane Kerr, 507238104Sdes bug id 190) 508238104Sdes * Fixed potential buffer overflow in ldns_str2rdf_dname 509238104Sdes * Signing code no longer signs delegation NS rrsets 510238104Sdes * Some minor configure/makefile updates 511238104Sdes * Fixed a bug in the randomness initialization 512238104Sdes * Fixed a bug in the reading of resolv.conf 513238104Sdes * Fixed a bug concerning whitespace in zone data (with patch from Ondrej 514238104Sdes Sury, bug 213) 515238104Sdes * Fixed a small fallback problem in axfr client code 516238104Sdes 517238104Sdes API CHANGES: 518238104Sdes * added 2str convenience functions: 519238104Sdes - ldns_rr_type2str 520238104Sdes - ldns_rr_class2str 521238104Sdes - ldns_rr_type2buffer_str 522238104Sdes - ldns_rr_class2buffer_str 523238104Sdes * buffer2str() is now called ldns_buffer2str 524238104Sdes * base32 and base64 function names are now also prepended with ldns_ 525238104Sdes * ldns_rr_new_frm_str() now returns an error on missing RDATA fields. 526238104Sdes Since you cannot read QUESTION section RRs with this anymore, 527238104Sdes there is now a function called ldns_rr_new_question_frm_str() 528238104Sdes 529238104Sdes LIBRARY FEATURES: 530238104Sdes * DS RRs string representation now add bubblebabble in a comment 531238104Sdes (patch from Jakob Schlyter) 532238104Sdes * DLV RR type added 533238104Sdes * TCP fallback system has been improved 534238104Sdes * HMAC-SHA256 TSIG support has been added. 535238104Sdes * TTLS are now correcly set in NSEC(3) records when signing zones 536238104Sdes 537238104Sdes EXAMPLE TOOLS: 538238104Sdes * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 539238104Sdes * ldns-testpkts has been fixed and updated 540238104Sdes * ldns-signzone now has the option to not add the DNSKEY 541238104Sdes * ldns-signzone now has an (full zone only) opt-out option for 542238104Sdes NSEC3 543238104Sdes * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys 544238104Sdes * ldns-walk output has been fixed 545238104Sdes * ldns-compare-zones has been fixed, and now has an option 546238104Sdes to show all differences (-a) 547238104Sdes * ldns-read-zone now has an option to print DNSSEC records only 548238104Sdes 549238104Sdes1.3 550238104Sdes Base library: 551238104Sdes 552238104Sdes * Added a new family of functions based around ldns_dnssec_zone, 553238104Sdes which is a new structure that keeps a zone sorted through an 554238104Sdes rbtree and links signatures and NSEC(3) records directly to their 555238104Sdes RRset. These functions all start with ldns_dnssec_ 556238104Sdes 557238104Sdes * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but 558238104Sdes have been changed to internally use the new 559238104Sdes ldns_dnssec_zone_sign(_nsec3) 560238104Sdes 561238104Sdes * Moved some ldns_buffer functions inline, so a clean rebuild of 562238104Sdes applications relying on those is needed (otherwise you'll get 563238104Sdes linker errors) 564238104Sdes * ldns_dname_label now returns one extra (zero) 565238104Sdes byte, so it can be seen as an fqdn. 566238104Sdes * NSEC3 type code update for signing algorithms. 567238104Sdes * DSA key generation of DNSKEY RRs fixed (one byte too small). 568238104Sdes 569238104Sdes * Added support for RSA/SHA256 and RSA/SHA512, as specified in 570238104Sdes draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not 571238104Sdes final, and this feature is not enabled by default. It can be 572238104Sdes enabled at compilation time with the flag --with-sha2 573238104Sdes 574238104Sdes * Added 2wire_canonical family of functions that lowercase dnames 575238104Sdes in rdata fields in resource records of the types in the list in 576238104Sdes rfc3597 577238104Sdes 578238104Sdes * Added base32 conversion functions. 579238104Sdes 580238104Sdes * Fixed DSA RRSIG conversion when calling OpenSSL 581238104Sdes 582238104Sdes Drill: 583238104Sdes 584238104Sdes * Chase output is completely different, it shows, in ascii, the 585238104Sdes relations in the trust hierarchy. 586238104Sdes 587238104Sdes Examples: 588238104Sdes * Added ldns-verify-zone, that can verify the internal DNSSEC records 589238104Sdes of a signed BIND-style zone file 590238104Sdes 591238104Sdes * ldns-keygen now takes an -a argument specifying the algorithm, 592238104Sdes instead of -R or -D. -a list show a list of supported algorithms 593238104Sdes 594238104Sdes * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 595238104Sdes for RSA key generation 596238104Sdes 597238104Sdes * ldns-signzone now has support for HSMs 598238104Sdes * ldns-signzone uses the new ldns_dnssec_ structures and functions 599238104Sdes which improves its speed, and output; RRSIGS are now placed 600238104Sdes directly after their RRset, NSEC(3) records directly after the 601238104Sdes name they handle 602238104Sdes 603238104Sdes Contrib: 604238104Sdes * new contrib/ dir with user contributions 605238104Sdes * added compilation script for solaris (thanks to Jakob Schlyter) 606238104Sdes 607238104Sdes28 Nov 2007 1.2.2: 608238104Sdes * Added support for HMAC-MD5 keys in generator 609238104Sdes * Added a new example tool (written by Ondrej Sury): ldns-compare-zones 610238104Sdes * ldns-keygen now checks key sizes for rfc conformancy 611238104Sdes * ldns-signzone outputs SSL error if present 612238104Sdes * Fixed manpages (thanks to Ondrej Sury) 613238104Sdes * Fixed Makefile for -j <x> 614238104Sdes * Fixed a $ORIGIN error when reading zones 615238104Sdes * Fixed another off-by-one error 616238104Sdes 617238104Sdes03 Oct 2007 1.2.1: 618238104Sdes * Fixed an offset error in rr comparison 619238104Sdes * Fixed ldns-read-zone exit code 620238104Sdes * Added check for availability of SHA256 hashing algorithm 621238104Sdes * Fixed ldns-key2ds -2 argument 622238104Sdes * Fixed $ORIGIN bug in .key files 623238104Sdes * Output algorithms as an integer instead of their mnemonic 624238104Sdes * Fixed a memory leak in dnssec code when SHA256 is not available 625238104Sdes * Updated fedora .spec file 626238104Sdes 627238104Sdes11 Apr 2007 1.2.0: 628238104Sdes * canonicalization of rdata in DNSSEC functions now adheres to the 629238104Sdes rr type list in rfc3597, not rfc4035, which will be updated 630238104Sdes (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html) 631238104Sdes * ldns-walk now support dnames with maximum label length 632238104Sdes * ldnsd now takes an extra argument containing the address to listen on 633238104Sdes * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset 634238104Sdes * ported to Solaris 10 635238104Sdes * added ldns_send_buffer() function 636238104Sdes * added ldns-testpkts fake packet server 637238104Sdes * added ldns-notify to send NOTIFY packets 638238104Sdes * ldns-dpa can now accurately calculate the number of matches per 639238104Sdes second 640238104Sdes * libtool is now used for compilation too (still gcc, but not directly) 641238104Sdes * Bugfixes: 642238104Sdes - TSIG signing buffer size 643238104Sdes - resolv.conf reading (comments) 644238104Sdes - dname comparison off by one error 645238104Sdes - typo in keyfetchers output file name fixed (a . too much) 646238104Sdes - fixed zone file parser when comments contain ( or ) 647238104Sdes - fixed LOC RR type 648238104Sdes - fixed CERT RR type 649238104Sdes 650238104Sdes Drill: 651238104Sdes * drill prints error on failed axfr. 652238104Sdes * drill now accepts mangled packets with -f 653238104Sdes * old -c option (use tcp) changed to -t 654238104Sdes * -c option to specify alternative resolv.conf file added 655238104Sdes * feedback of signature chase improved 656238104Sdes * chaser now stops at root when no trusted keys are found 657238104Sdes instead of looping forever trying to find the DS for . 658238104Sdes * Fixed bugs: 659238104Sdes - wildcard on multiple labels signature verification 660238104Sdes - error in -f packet writing for malformed packets 661238104Sdes - made KSK check more resilient 662238104Sdes 663238104Sdes7 Jul 2006: 1.1.0: ldns-team 664238104Sdes * Added tutorials and an introduction to the documentation 665238104Sdes * Added include/ and lib/ dirs so that you can compile against ldns 666238104Sdes without installing ldns on your system 667238104Sdes * Makefile updates 668238104Sdes * Starting usage of assert throughout the library to catch illegal calls 669238104Sdes * Solaris 9 testing was carried out. Ldns now compiles on that 670238104Sdes platform; some gnuism were identified and fixed. 671238104Sdes * The ldns_zone structure was stress tested. The current setup 672238104Sdes (ie. just a list of rrs) can scale to zone file in order of 673238104Sdes megabytes. Sorting such zone is still difficult. 674238104Sdes * Reading multiline b64 encoded rdata works. 675238104Sdes * OpenSSL was made optional, configure --without-ssl. 676238104Sdes Ofcourse all dnssec/tsig related functions are disabled 677238104Sdes * Building of examples and drill now happens with the same 678238104Sdes defines as the building of ldns itself. 679238104Sdes * Preliminary sha-256 support was added. Currently is your 680238104Sdes OpenSSL supports it, it is supported in the DS creation. 681238104Sdes * ldns_resolver_search was implemented 682238104Sdes * Fixed a lot of bugs 683238104Sdes 684238104Sdes Drill: 685238104Sdes * -r was killed in favor of -o <header bit mnemonic> which 686238104Sdes allows for a header bits setting (and maybe more in the 687238104Sdes future) 688238104Sdes * DNSSEC is never automaticaly set, even when you query 689238104Sdes for DNSKEY/RRSIG or DS. 690238104Sdes * Implement a crude RTT check, it now distinguishes between 691238104Sdes reachable and unreachable. 692238104Sdes * A form of secure tracing was added 693238104Sdes * Secure Chasing has been improved 694238104Sdes * -x does a reverse lookup for the given IP address 695238104Sdes 696238104Sdes Examples: 697238104Sdes * ldns-dpa was added to the examples - this is the Dns Packet 698238104Sdes Analyzer tool. 699238104Sdes * ldnsd - as very, very simple nameserver impl. 700238104Sdes * ldns-zsplit - split zones for parrallel signing 701238104Sdes * ldns-zcat - cat split zones back together 702238104Sdes * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, 703238104Sdes non-DNSSEC) anti-spoofing techniques. 704238104Sdes * ldns-walk - 'Walks' a DNSSEC signed zone 705238104Sdes * Added an all-static target to the makefile so you can use examples 706238104Sdes without installing the library 707238104Sdes * When building in the source tree or in a direct subdirectory of 708238104Sdes the build dir, configure does not need --with-ldns=../ anymore 709238104Sdes 710238104Sdes Code: 711238104Sdes * All networking code was moved to net.c 712238104Sdes * rdata.c: added asserts to the rdf set/get functions 713238104Sdes * const keyword was added to pointer arguments that 714238104Sdes aren't changed 715238104Sdes 716238104Sdes API: 717238104Sdes Changed: 718238104Sdes * renamed ldns/dns.h to ldns/ldns.h 719238104Sdes * ldns_rr_new_frm_str() is extented with an extra variable which 720238104Sdes in common use may be NULL. This trickles through to: 721238104Sdes o ldns_rr_new_frm_fp 722238104Sdes o ldns_rr_new_frm_fp_l 723238104Sdes Which also get an extra variable 724238104Sdes Also the function has been changed to return a status message. 725238104Sdes The compiled RR is returned in the first argument. 726238104Sdes * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are 727238104Sdes changed to return a status msg. 728238104Sdes * ldns_key_new_frm_fp is changed to return ldns_status and 729238104Sdes the actual key list in the first argument 730238104Sdes * ldns_rdata_new_frm_fp[_l]() are changed to return a status. 731238104Sdes the rdf is return in the first argument 732238104Sdes * ldns_resolver_new_frm_fp: same treatment: return status and 733238104Sdes the new resolver in the first argument 734238104Sdes * ldns_pkt_query_new_frm_str(): same: return status and the 735238104Sdes packet in the first arg 736238104Sdes * tsig.h: internal used functions are now static: 737238104Sdes ldns_digest_name and ldns_tsig_mac_new 738238104Sdes * ldns_key_rr2ds has an extra argument to specify the hash to 739238104Sdes use. 740238104Sdes * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode 741238104Sdes is now the rcode type, like ldns_pkt_opcode 742238104Sdes New: 743238104Sdes * ldns_resolver_searchlist_count: return the searchlist counter 744238104Sdes * ldns_zone_sort: Sort a zone 745238104Sdes * ldns_bgsend(): background send, returns a socket. 746238104Sdes * ldns_pkt_empty(): check is a packet is empty 747238104Sdes * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list 748238104Sdes * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list 749238104Sdes * ldns_rr_list_compare(): compare 2 ldns_rr_lists 750238104Sdes * ldns_pkt_push_rr_list: rr_list equiv for rr 751238104Sdes * ldns_pkt_safe_push_rr_list: rr_list equiv for rr 752238104Sdes Removed: 753238104Sdes * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now 754238104Sdes * ldns_udp_server_connect(): was faulty and isn't really part of 755238104Sdes the core ldns idea any how. 756238104Sdes * ldns_rr_list_insert_rr(): obsoleted, because not used. 757238104Sdes * char *_when was removed from the ldns_pkt structure 758238104Sdes 759238104Sdes18 Oct 2005: 1.0.0: ldns-team 760238104Sdes * Commited a patch from H��kan Olsson 761238104Sdes * Added UPDATE support (Jakob Schlyter and H��kan Olsson) 762238104Sdes * License change: ldns is now BSD licensed 763238104Sdes * ldns now depends on SSL 764238104Sdes * Networking code cleanup, added (some) server udp/tcp support 765238104Sdes * A zone type is introduced. Currently this is a list 766238104Sdes of RRs, so it will not scale well. 767238104Sdes * [beta] Zonefile parsing was added 768238104Sdes * [tools] Drill was added to ldns - see drill/ 769238104Sdes * [tools] experimental signer was added 770238104Sdes * [building] better check for ssl 771238104Sdes * [building] major revision of build system 772238104Sdes * [building] added rpm .spec in packaging/ (thanks to Paul Wouters) 773238104Sdes * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter 774238104Sdes and Paul Wouters) 775238104Sdes 776238104Sdes28 Jul 2005: 0.70: ldns-team 777238104Sdes * [func] ldns_pkt_get_section now returns copies from the rrlists 778238104Sdes in the packet. This can be freed by the user program 779238104Sdes * [code] added ldns_ prefixes to function from util.h 780238104Sdes * [inst] removed documentation from default make install 781238104Sdes * Usual fixes in documentation and code 782238104Sdes 783238104Sdes20 Jun 2005: 0.66: ldns-team 784238104Sdes Rel. Focus: drill-pre2 uses some functions which are 785238104Sdes not in 0.65 786238104Sdes * dnssec_cd bit function was added 787238104Sdes * Zone infrastructure was added 788238104Sdes * Usual fixes in documentation and code 789238104Sdes 790238104Sdes13 Jun 2005: 0.65: ldns-team 791238104Sdes * Repository is online at: 792238104Sdes http://www.nlnetlabs.nl/ldns/svn/ 793238104Sdes * Apply reference copying throuhgout ldns, except in 2 794238104Sdes places in the ldns_resolver structure (._domain and 795238104Sdes ._nameservers) 796238104Sdes * Usual array of bugfixes 797238104Sdes * Documentation added 798238104Sdes * keygen.c added as an example for DNSSEC programming 799238104Sdes 800238104Sdes23 May 2005: 0.60: ldns-team 801238104Sdes * Removed config.h from the header installed files 802238104Sdes (you're not supposed to include that in a libary) 803238104Sdes * Further tweaking 804238104Sdes - DNSSEC signing/verification works 805238104Sdes - Assorted bug fixes and tweaks (memory management) 806238104Sdes 807238104SdesMay 2005: 0.50: ldns-team 808238104Sdes * First usable release 809238104Sdes * Basic DNS functionality works 810238104Sdes * DNSSEC validation works 811