Lines Matching +full:- +full:- +full:disable +full:- +full:man
6 - Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
7 It can be configured with proxy-protocol-port: portnum with the
10 - Merge #301: improve the logging of ixfr fallbacks to axfr.
11 - Merge #305: faster stats. Statistics can be gathered while a reload
14 - Merge #282: Improve nsd.conf man page.
15 - Fix unused but set variable warning.
16 - Fix #283: Compile failure in remote.c when --disable-bind8-stats
17 and --without-ssl are specified.
18 - Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
20 - Fix unused variable warning in unit test of udb.
21 - Merge #287: Update nsd.conf.5.in.
22 - Fix autoconf 2.69 warnings in configure.
23 - Merge #295: Update e-mail addresses, add ref to support contracts
24 - Fix for interprocess communication to set quit sync command from
26 - Fix processing of consolidated IXFRs.
27 - Remove on-disk database.
28 - Answer first query for connections accepted just before reload.
29 - Fix: Always instate write handler after reading a query over TCP.
30 - Fix #14: Set timeout to 3s when servicing remaining TCP connections.
31 - Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
32 function and fix drop_updates, rr-test and xfr_update tests.
33 - Fix unit test kill_from_pidfile function for nonexistent files
35 - Fix rr-test to also convert the contents of the just written output
37 - Fix test set to remove -f nsd.db and rm nsd.db commands.
38 - Fix test set to remove difffile option.
43 - Merge #263: Add bash autocompletion script for nsd-control.
44 - Fix #267: Allow unencrypted local operation of nsd-control.
45 - Merge #269 from Fale: Add systemd service unit.
46 - Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
47 - dnstap over TLS, default enabled. Configured with the
48 options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
49 dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
51 - Fix #239: -Wincompatible-pointer-types warning in remote.c.
52 - Fix configure for -Wstrict-prototypes.
53 - Fix #262: Zone(s) not synchronizing properly via TLS.
54 - Fix for #262: More error logging for SSL read failures for zone
56 - Merge #265: Fix C99 compatibility issue.
57 - Fix #266: Fix build with --without-ssl.
58 - Fix for #267: neater variable definitions.
59 - Fix #270: reserved identifier violation.
60 - Fix to clean more memory on exit of dnstap collector.
61 - Fix dnstap to not check socket path when using IP address.
62 - Fix to compile without ssl with dnstap-tls code.
63 - Dnstap tls code fixes.
64 - Fix include brackets for ssl.h include statements, instead of quotes.
65 - Fix static analyzer warning about nsd_event_method initialization.
66 - Fix #273: Large TXT record breaks AXFR.
67 - Fix ixfr create from adding too many record types.
68 - Fix cirrus script for submit to coverity scan to libtoolize
70 - Fix readme status badge links.
71 - make depend.
72 - Fix for build to run flex and bison before compiling code that needs
74 - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
75 - For #279: Note that autoreconf -fi creates the configure script
77 - Fix unused variable warning in unit test, from clang compile.
78 - Fix #240: Prefix messages originating from verifier.
79 - Fix #275: Drop unnecessary root server checks.
84 - Set ALPN "dot" token during connection establishment as per RFC9103
86 - Add SVCB dohpath support
88 - Fix static analyzer reports, fix wrong log print when skipping xfr,
91 - Use AC_PROG_CC_STDC with autoconf versions prior to 2.70.
92 - Add missing documentation for zone verification.
93 - Fix #212: Change commandline control actions to always log.
94 - Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work
96 - Change zone parsing to accept non-trailing newline.
101 - Port zone-verification from CreDNS to NSD4.
103 - Fix static analyzer reports on ixfrcreate temp file.
104 - Fixup wrong ixfrcreate fread return check.
109 - Merge PR #209: IXFR out
112 The options store-ixfr: yes and create-ixfr: yes can be used to
113 turn this on. Default is turned off. The options ixfr-number and
114 ixfr-size can be used to tune the number of IXFR transfers and
122 If offline, nsd-checkzone -i can create ixfr files.
129 - Fix code analyzer zero divide warning.
130 - Fix code analyzer large value with assertion.
131 - Fix another code analyzer zero divide warning.
132 - Fix code analyzer warning about uninitialized temp storage in loop.
133 - Fix spelling error in comment in svcbparam_lookup_key.
134 - Update cirrus script FreeBSD version.
139 - Merge #193: Lower memory usage of the XFRD process by default.
142 same as before. xfrd-tcp-max sets the number of sockets for tcp
144 xfrd-tcp-pipeline the number of simultaneous transfers over the
147 - Fix #200: nsd-checkzone succeeds even with incorrect serial in SOA
149 - Merge #204 from jonathangray: correct some spelling mistakes.
150 - Fix to change file mode before changing file owner for the
151 nsd-control unix socket file.
152 - Fix to document nsd-checkzone -p in the man page for nsd-checkzone.
153 - Fix #206: build with --without-ssl fails.
154 - Merge #207 Sync nsd-control-setup with unbound-control-setup to
156 - Fix unit tests for nds-control-setup exit code and the
157 xfrd-tcp-max default.
162 - Fix #198: nsd-control reconfig core dump.
163 - Fix to remove git tracking and ci information from release tarballs.
164 - Fix unit tests for new answer-cookie default.
165 - Fix socket_partitioning unit test for FreeBSD.
166 - Fix SVCB test to work around older dig with drill.
171 - Merge #185 by cesarkuroiwa: Mutual TLS.
172 - Set default for answer-cookie to no. Because in server deployments
175 - Fix to compile with OpenSSL 3.0.0beta2.
176 - Fix configure detection of SSL_CTX_set_security_level.
177 - Fix deprecated functions use from openssl 3.0.0beta2.
178 - For #184: Note that all zones can be targeted by some nsd-control
179 commands in the man page.
180 - Fixes for #185: Document client-cert, client-key and client-key-pw
181 in the man page. Fix yacc semicolon. Fix unused variable warning.
184 - Merge #187: Support using system-wide crypto policies.
185 - Fix #188: NSD fails to build against openssl 1.1 on CentOS 7.
186 - Fix sed script in ssldir split handling.
187 - Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
188 `query->delegation_rrset' failed.
189 - Fix #190: NSD returns 3 NSEC3 records for NODATA response.
190 - Fix compile failure with openssl 1.0.2.
191 - Fix #194: Incorrect NSEC3 response for SOA query below delegation
197 - Syntax of SVCB and HTTPS RR type as per draft-ietf-dnsop-svcb-https
198 - Client side DNS Zone Transfer-over-TLS (XoT) support as per
199 draft-ietf-dprive-xfr-over-tls
200 - Interoperable DNS Cookies support as per RFC7873 and RFC9018
202 - Fix for #170: Fix build warnings when IPv6 is disabled.
203 - Fix #170: Disabled IPv6 and DNSTAP enabled triggers a build error.
204 - Fix for #128: Skip over sendmmsg invalid argument when port is zero.
205 - Fix #171: Invalid negative response (NSEC3) after IXFR.
206 - Fix to make nsec3_chain_find_prev return NULL if one nsec3 left.
207 - Fix #174: NS Records below delegation are not ignored (nsd-checkzone
209 - Fix #176: please review Loglevel on missing zonefile.
210 - Update the ACX_CHECK_NONBLOCKING_BROKEN test for the configure
212 - Fix #179: log notice and server-count.
213 - Update configure nonblocking test to use host.
214 - Fix #168: Buffer overflow in the dname_to_string() function
215 - Fixes for child server processes getting out of sync with the
216 dnstap-collector process
217 - Fix gcc-11 warning on array bounds.
218 - Fix compile of cookies on FreeBSD without IPv6.
219 - Fix for loop initial declaration for nonc99 compiler
220 - Fix typo in xfrd-tcp.c.
225 - Fix #146 with #147: DNSTAP log the local address of the server
227 - Enable configuring a control-interface by interface name.
228 - A -p option to nsd-checkzone to print a successfully read zone.
229 - Add Extended DNS Errors RFC8914
230 - Per zone Access Control List for queries
231 with an allow-query: option.
233 - Prevent a few more yacc clashes.
234 - Merge PR #153 from fobser: Repair -fno-common linker errors
236 - Fix uninitialized access of log_buf in error printout on apply ixfr.
237 - Fix AF_LOCAL compile error for Solaris.
238 - Fix ifaddrs compile error for Solaris.
239 - Fix ifaddrs.h compile error for Solaris.
240 - Man page documentation for dnstap options.
241 - Fix segfault on high verbosity for TLS channels with dnstap log
243 - Fix #163: A TSIG noncompliance with RFC 2845.
244 - Fix that wildcard is printed as a star instead of escaped, in
246 - Fix double config.h include in configlexer.c
247 - Fix to remove configyyrename from makedist.sh and also
249 - Fix configure to use header checks with compile.
250 - Fix warning about unused function log_addr.
251 - Fix #154: TXT with parentheses fails in 4.3.5.
252 - Align parsing of TXT elements with how bind does it.
253 - Fix configure failure for enable systemd because of autoconf.
259 - Fix #143: xfrd no hysteresis with NOT IMPLEMENTED rcode.
260 - Fix #144: Typo fix in nsd.conf.5.in.
261 - For #145: Fix that service of remaining TCP and TLS connections
265 - Fix that nsd-control has timeout when connection is down.
266 - remove windows socket ifdefs from nsd-control.
267 - Fix #148: CNAME need not be followed after a synthesized CNAME
269 - Fix configure.ac for autoconf 2.70.
270 - Fix #150: TXT record validation difference with BIND.
271 - Fix #151: DNAME not applied more than once to resolve the query.
272 - Fix #152: '*' in Rdata causes the return code to be NOERROR instead
279 - Merge PR #141: ZONEMD RR type.
281 - Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
282 - Fix #128: Fix that the invalid port number is logged for sendmmsg
284 - Fix #127: two minor `-Wcast-qual` cleanups
285 - Fix #126: minor header hygiene
286 - Fix #125: include config.h in compat/setproctitle.c and fix
288 - Fix #133: fix 0-init of local ( stack ) buffer.
289 - Fix missing parenthesis on size of fix to init buffer.
290 - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
291 - Fix to add missing closest encloser NSEC3 for wildcard nodata type
293 - Remove unused init_cfg_parse routine from configlexer.
294 - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
295 - Fix #142: NODATA answers missin SOA in authority section after
297 - Fix for CVE-2020-28935 : Fix that symlink does not interfere
304 - Follow DNS flag day 2020 advice and
306 - Merged PR #113 with fixes. Instead of listing an IP-address to
308 ip-address: eth0. The IP-addresses for that interface are then used.
309 - Port TSIG code for openssl 3.0.0-alpha6.
311 - Fix make install with --with-pidfile="".
312 - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
313 - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
314 fd_set - patch.
315 - Fix that configure checks for EVP_sha256 to detect openssl, because
317 - Fix #119: fix compile warnings from new gcc.
318 - Fix #119: warn when trying to parse a directory.
319 - Merge PR #121: Increase log level of recreated database from
321 - Remove unused space from LIBS on link line.
322 - Updated date in nsd -v output.
328 - Fix #96: log-only-syslog: yes sets to only use syslog, fixes
331 - Fix #107: nsd -v shows configure line, openssl version and libevent version.
332 - Fix #103 with #110: min-expire-time option. To provide a lower
336 - Fix for posix shell syntax for trap in nsd-control-setup
337 - Fix to omit the listen-on lines from log at startup, unless verbose.
338 - Fix uninitialised values for bindtodevice option at startup with
340 - Fix #95: Removed make test check because tpkg not included in
342 - Fix unused parameter compile warnings.
343 - Fix #97: EDNS unknown version: query not in response.
344 - Fix #99: Fix copying of socket properties with reuseport enabled.
345 - Document default value for tcp-timeout.
346 - Merge PR#102 from and0x000: add missing default in documentation
347 for drop-updates.
348 - Fix unlink of pidfile warning if not possible due to permissions,
350 - Removed contrib/nsd.service, example is too complicated and not
352 - Do not log EAGAIN errors for sendmmsg, to stop log spam on OpenBSD.
353 - Merge #108 from Nomis: Make the max-retry-time description clearer.
354 - Retry when udp send buffer is full to wait until buffer space is
356 - Remove errno reset behaviour from sendmmsg and recvmmsg
358 - Fix unit test for different nsd-control-setup -h exit code.
359 - Merge #112 from jaredmauch: log old and new serials when NSD
361 - Fix #106: Adhere better to xfrd bounds. Refresh and retry times.
362 - Fix #105: Clearing hash_tree means just emptying the tree.
368 - Fix #70: error: 'fd_set' undeclared.
369 - Fix #71: error: 'for' loop initial declaration used outside C99
371 - Fix to move declarations out of for loops in event test too.
372 - Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
373 - Fix #75: configure test for sched_setaffinity, and use
375 - Fix #74: GNU Hurd fix cast from pointer to integer of different size.
376 - Fix for #74, #75: cpuset test for header contents and provide code.
377 - Fix #78: Fix SO_SETFIB error on FreeBSD.
378 - Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
379 - Fix #80: NetBSD and implicit declaration of reallocarray.
380 - Fix unknown u_long in util.c for Issue #80 .
381 - Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
383 - For PR #86: Fix that programs loaded after CFLAGS and stuff is
385 special flags from that. Fix that lex only needs to support -i
388 - Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
389 - Merge PR #92 by tonysgi: Fix typo.
390 - Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
391 The '-r' option recreates certificates. Without it it creates them
398 - Fix to use getrandom() for randomness, if available.
399 - Fix #56: Drop sparse TSIG signing support in NSD.
401 draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
402 - Merge pull request #59 from buddyns: add FreeBSD support
403 for conf key ip-transparent.
404 - Add feature to pin server processes to specific cpus.
405 - Add feature to pin IP addresses to selected server processes.
406 - Set process title to identify individual processes.
407 - Merge PR#22: minimise-any: prefer polular and not large RRset,
409 - Add support for SO_BINDTODEVICE on Linux.
410 - Add support for SO_SETFIB on FreeBSD.
411 - Add feature to drop queries with opcode UPDATE.
413 - Fix fname null check of fname in namedb_read_zonefile.
414 - Fix implicit cast of size in udb_radnode_array_grow.
415 - Fix ignore of return value of ssl_printf in remote.c.
416 - Fix unused check of fd in parent_handle_reload_command.
417 - Attempt to fix signedness of nscount lookup in ixfr query_process.
418 - Fix identical branches for ssl_print of errors in remote.c.
419 - Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
420 - Fix to separate header and data lines in parse_zone_list_file.
421 - Fix to define max number of EDNS records we are willing to
423 - Fix size of string len and capacity type cast in udbradtree.
424 - Fix to protect rrcount in tsig_find_rr from overflow.
425 - Annotate radix_find_prefix_node not reachable trail code.
426 - Fix to protect rrcount in packet_find_notify_serial from overflow.
427 - Fix to close socket on error in create_tcp_accept_sock.
428 - Fix to log on failure to chmod for socket for remote control.
429 - Fix to remove unneeded if in open of socket for remote control.
430 - Fix to restore input parameter on call failure in create_dirs.
431 - Please checker by terminating and initialising string read
433 - Fix to define upper bounds on rr counts read from untrusted packet
435 - Separate acl_addr_match_range functions for ip4 and ip6, to
437 - Avoid unused variable warning in new match_range_v4 function.
438 - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
439 - use-systemd is ignored in nsd.conf, when NSD is compiled with
441 - Note that use-systemd is not necessary and ignored in man page.
442 - Fix unreachable code in ssl set options code.
443 - Fix bad shift in assertion code analyzer complaint.
444 - Fix responses for IXFR so that the authority section is not echoed
446 - Merge PR#60: Minor portability fixes from michaelforney, with
448 - Fix that the retry wait does not exceed one day for zone transfers.
450 - Set FD_CLOEXEC on opened sockets.
456 - Fix #48: Add make distclean that removes config.h made by configure.
457 And add maintainer-clean that removes bison and flex output.
459 - Detect fixed time memcmp for openssl 0.9.8 compatibility.
460 - Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
461 - include limits.h for UINT_MAX.
462 - If no recvmmsg, dont use msg_flags member, but errno for error,
465 - Remove unused variable warning for portability.
466 - Fix #52: do not log transient network full errors unless higher
468 - Fix regressions in configparser.y where global variables were not
469 set for minimal-responses, round-robin and log-time-ascii.
475 - For #39: confine-to-zone configures NSD to not return out-of-zone
477 - For #21: pidfile "" allows to run NSD without a pidfile, for
479 - For #21 add
484 - Fix #35: excessive logging of ixfr failures, it stops the log when
486 - Fixup warnings during --disable-ipv6 compile.
487 - The nsd.conf includes are sorted ascending, for include statements
489 - Fix #38: log address and failure reason with tls handshake errors,
491 - Fixup clang analysis warning in xfrd_parse_received_xfr_packet
494 - Number of different UDP handlers has been reduced to one. recvmmsg
498 - Socket options are now set in designated functions for easy reuse.
499 - Socket setup has been simplified for easy reuse.
500 - Configuration parser is now aware of the context in which an option
502 - Fix #44: document that remote-control is a top-level nsd.conf
509 - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
513 - Fix #19: Out-of-bounds read caused by improper validation of
516 - PR #23: Fix typo in nsd.conf man-page.
517 - Fix that NSD warns for wrong length of the hash in SSHFP records.
518 - Fix #25: NSD doesn't refresh zones after extended downtime,
520 - Set no renegotiation on the SSL context to stop client
522 - Fix #29: SSHFP check NULL pointer dereference.
523 - Fix #30: SSHFP check failure due to missing domain name.
524 - Fix to timeval_add in minievent for remaining second in microseconds.
525 - PR #31: nsd-control: Add missing stdio header.
526 - PR #32: tsig: Fix compilation without HAVE_SSL.
527 - Cleanup tls context on xfrd exit.
528 - Fix #33: Fix segfault in service of remaining streams on exit.
529 - Fix error message for out of zone data to have more information.
535 - Added num.tls and num.tls6 stat counters.
536 - PR #12: send-buffer-size, receive-buffer-size,
537 tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
538 - Fix #14, tcp connections have 1/10 to be active and have to work
543 - Fix #13: Stray dot at the end of some log entries, removes dot
545 - Fix TLS cipher selection, the previous was redundant, prefers
546 CHACHA20-POLY1305 over AESGCM and was not as readable as it
548 - Consolidate server tls context create and remote control context
550 - Fix to init event structure for reassignment.
551 - Fix to init event not pointer, in reassignment.
552 - Fix #15: crash in SSL library, initialize variables for TCP access
554 - Fix tls handshake event callback function mistake, reported
556 - Initialize event structures before event_set, to stop uninitialized
559 - Do not use symbol from libc, instead use own replacement, if not
561 - Fix output of nsd-checkconf -h.
567 - Print IP address when bind socket fails with error.
568 - Fix #4249: The option hide-identity: yes stops NSD from responding
571 - Patch to add support for TCP Fast Open, from Sara
573 - Patch to add support for tls service on a specified tls port,
575 - Use travis for build check, initial unit test and clang analysis.
576 - TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
579 - Fix to delete unused zparser.default_apex member.
580 - Fix that the TLS handshake routine sets the correct event to
582 - Fix that TLS renegotiation calls the read and write routines again
584 - Fix that TCP Fastopen has better error message and supports OSX.
585 - Fix to avoid buffer alloc with global buffer in tls write handler.
586 - Fix to initialize event structure when accepting TCP connection.
587 - Disable TLS1.0, TLS1.1 and weak ciphers, enable
589 - further setup ssl ctx after the keys are loaded, for ECDH.
590 - Fix #10: Fix memory leaks caused by duplicate rr and include
592 - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
598 - Deny ANY with only one RR in response, by default. Patch from
599 Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
603 - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
604 nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
609 - Fix #4213: disable-ipv6 and dnstap compile error.
610 - Fix to reduce region_log_stats if condition, this removes a
612 - Fix for FreeBSD port with dnstap enabled.
613 - Fix to remove unused code.
614 - Fix #6: nsd-control-setup: Change validity time to a shorter
616 - Fix unused definition in header remote.h.
617 - Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
618 - Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
619 - Fixed radtree_insert memory leak.
620 - Fixed access recycled variable.
626 - DNSTAP support for NSD, --enable-dnstap and then config in nsd.conf.
627 - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes
629 - Added nsd-control changezone. nsd-control changezone name pattern
633 - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of
635 - Fix #4202: nsd-control delzone incorrect exit code on error.
636 - Tab style fix to use tab for 8 spaces, from Xiaobo Liu.
637 - Fix #4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails.
639 - Fix to not set GLOB_NOSORT so the nsd.conf include: files are
641 - Fix #3433: document that reconfig does not change per-zone stats.
647 - nsd-control prints neater errors for file failures.
649 - Fix that nsec3 precompile deletion happens before the RRs of
651 - Fix printout of accepted remote control connection for unix sockets.
652 - Fix use_systemd typo/leftover in remote.c.
653 - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.
654 - append_trailing_slash has one implementation and is not repeated
656 - Fix coding style in nsd.c
657 - Fix to combine the same error function into one, from Xiaobo Liu.
658 - Fix initialisation in remote.c.
659 - please clang analyzer and fix parse of IPSECKEY with bad gateway.
660 - Fix nsd-checkconf fail on bad zone name.
661 - Annotate exit functions with noreturn.
662 - Remove unused if clause during server service startup.
663 - Fix #4156: Fix systemd service manager state change notification
671 - #4102: control interface via local socket.
672 configure it with control-interface: "/path/nsd.ctl" The path
676 - configure --enable-systemd (needs pkg-config and libsystemd) can
677 be used to then use-systemd: yes in nsd.conf and have readiness
679 - RFC8162 support, for record type SMIMEA.
681 - Patch to fix openwrt for mac os build darwin detection in configure.
682 - Fix that first control-interface determines if TLS is used. Warn
684 - #4106: Fix that stats printed from nsd-control are recast from
686 - Fix that type CAA (and URI) in the zone file can contain
688 - #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
695 - Fix NSD time sensitive TSIG compare vulnerability.
701 - refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
703 - Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
706 - Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
707 - Fix to use same condition for nsec3 hash allocation and free.
713 - --enable-memclean cleans up memory for use with memory checkers,
715 - refuse-any nsd.conf option that refuses queries of type ANY.
716 - lower memory usage for tcp connections, so tcp-count can be higher.
718 - Fix unused variable warnings and uninit variable in statistics
720 - Fix spelling error in xfr-inspect.
721 - Fix #3562: explain build error when flex missing.
722 - Fix buffer size warnings from compiler on filename lengths.
723 - Fix #4093: Release notes not using 2018.
729 - Fix memory leak in zone file read of unknown rr formatted RRs.
730 - Fix memory leak when rehashing nsec3 after axfr or zonefile read,
737 - ignore fallthrough compiler warning in flex EOF rule.
738 - Fix warnings emitted by clang for --enable-packed. Alignment is not
741 - Fix spelling error in xfr-inspect.
742 - Fix 3392: Fix regression in 4.1.18 for notify lists with ip4
744 - Add test for support of -Wno-address-of-packed-member for
745 --enable-packed.
751 - xfr-inspect, it is not installed, it prints xfr files from /tmp
752 made with 'make xfr-inspect' in the source dir.
753 - retry timeout between sending notifies dropped from 15 to 3 sec.
754 - NSD sends 16 notifies simultaneously.
755 - configure --enable-packed reduces memory usage, at expense of
757 - Save memory by selectively allocate precompiled nsec3 hashes,
759 - make ip-transparent option work on OpenBSD.
760 - Save about 2% memory by changing usage count size in name tree.
761 - Fix #2871: Increase number of sockets for xfrd transfers.
763 - Fix gcc 7.1.1 warnings.
764 - Fix writev compile warning on FreeBSD.
765 - Fix #1446: A corrupted zone file "propagates" to good ones.
766 - nsd-control zonestatus prints wait time between attempts, for zones
768 - Fix collision printout of nsec3 to print name, hash and reverse.
769 - Fix #1567: Change crit to err log level for gettimeofday failure.
771 - Fix crash for DS query when parent and child zones both configured
778 - zone parser parses type AVC (it has TXT format).
779 - Fix #1272: use writev to put tcp length field with data for outgoing
782 - Fix potential null pointer in nsec3 adjustment tree.
783 - Fix text format of deletes for CDS and CDNSKEY, single 0 to represent
790 - zone parser can parse acronyms for algorithms ED25519 and ED448.
791 - Fix 1243: Option to make NSD emit really minimal responses,
792 minimal-responses: yes in nsd.conf.
794 - Calculate new udb index after growing the array, fix from
796 - Fix missing _t to _type conversion for disable-radix-tree option.
797 - Printout serial error with hint it may be too big.
798 - Fix 1228: OpenSSL include is not guarded with HAVE_SSL
799 - Patch for expire state in multi-master when masters includes
801 - minor manpage fix.
807 - Fix nsd-control and ipv6 only.
808 - Squelch zone transfer error address family not supported by protocol
810 - Fix #1195: Fix so that NSD fails on non-compliant values for Serial.
811 - Fix to rename _t typedefs because POSIX reserves them.
812 - Fix that nsec3 hash collisions only reported on verbosity level 3.
818 - Fix #1132 for SERVFAIL zones perform backoff, and remembers the
821 - Fix null memcpy for radixtree with single link element.
822 - Robust fix against missing master in tcp_open for xfrd.
823 - Fix wildcards in include: config statements with chroot enabled.
824 - suppress compile warning in lex files.
825 - Fix to try every master once, then wait for timeout or notify.
826 - Save backoff timeout into xfrd.state file, this file has a higher
829 - Fix restart of zone transfers when new config becomes available.
835 - multi-master-check: yes can be used to check all masters for the
838 - Support RR type OPENPGPKEY from RFC 7929.
839 - Can config key algorithms with the digest name, eg. 'sha256'.
840 - configure --disable-radix-tree for about 15% lower memory usage.
841 - for type SRV add A/AAAA to the additional section (if possible),
843 - more extensible edns option handling.
845 - Fix compile warnings about unused result from write and strtol.
847 - Fix #812: fix that make depend fails after distribution.
848 - Fix #817: xfrd update failed loop.
849 - Add robustness against unallocated data in nsec3 trees.
850 - Fix README spelling error of BSD license (reported by Joerg Jung).
851 - Fix multimaster for not tried full zone transfer for a expired zone.
852 - Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.
858 - Fix malformed edns query assertion failure, reported by
865 - When tcp is more than half full, use short timeout for tcp session.
866 - Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
867 - Fix #790: size-limit-xfr can stop NSD from downloading infinite zone
868 transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173
871 - Fix build without IPv6, patch from Zdenek Kaspar.
872 - Fix #783: Trying to run a root server without having configured it
874 - Fix #782: Serve DS record but parent zone has no NS record.
875 - Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
881 - ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option
883 - NSD includes AAAA before A for queries over IPV6 (in delegations).
886 - print notice that nsd is starting before taking off.
888 - Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
889 - Fix #751: NSD fails to occlude names below a DNAME.
890 - If set without nsd.db print "" as the default in the man pages.
891 - Fix #755: NSD spins after a zone update and a lot of TCP queries.
892 - Fix for NSEC3 with zone signed without exact match for empty
894 - #772 Document that recvmmsg has IPv6 problems on some linux kernels.
900 - Change the nsd.db file version because of nanosecond precision fix.
906 - #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
908 - #739: zonefile changes when mtime is small are detected on reload,
910 - RR type CSYNC (RFC7477) syntax is supported.
912 - take advantage of arc4random_uniform if available, patch from
914 - Fix flto check for OSX clang.
915 - Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
916 - Fix #736: segfault during zone transfer.
917 - Fix #744: Fix that NSD replies for configured but unloaded zone
924 - support configure --with-dbfile="" for nodb mode by default, where
926 - reuseport: no is the default, because the feature is not troublefree.
927 - configure --enable-ratelimit-default-is-off with --enable-ratelimit
929 - version: "string" option to set chaos version query reply string.
931 - Fix zones updates from nsd parent event loop when there are a lot
933 - portability fixes.
934 - patch from Doug Hogan for SSL_OP_NO_SSLvx options, for the new
936 - updated contrib/nsd.spec, from Bálint Szigeti, with new configure
938 - Allocate less memory for TSIG digest.
939 - Fix #721: Fix wrong error code (FORMERR) returned for unknown
941 - Fix zonec ttl mismatch printout to include more information.
942 - Fix TCP responses when REUSEPORT is in use by turning it off.
943 - Document default in manpage for rrl-slip, ip4 and 6 prefixlength.
944 - Explain rrl-slip better in documentation.
945 - Document that ratelimit qps and slip are updated in reconfig.
946 - Fix up defaults in manpage.
952 - Fix #701: Fix that AD=1 set in a BADVERS response.
953 - Fix typo in zonec.c inside error message.
954 - Fix #711: Document that debug-mode yes is used for staying
956 - Document verbosity 3 prints more information.
957 - nsd-checkconf warns for master zones with no zonefile statement.
958 - Fix start failure when many file descriptors are in use.
959 - The servfail rcode is not printed with a space in the middle.
960 - print failed token for config syntax error or parse error.
966 - Fix #706: default port 53 not opened on ip4 because of getaddrinfo
973 - RFC7553 RR Type URI support.
974 - removed hardcoded interface limit, --with-max-ips removed.
975 - SO_REUSEPORT support, by default on Linux, or with reuseport: yes.
976 - Admitted axfrs are logged at verbosity 1. Refused at verbosity 2.
977 - --enable-pie and --enable-relro-now options for a safer executable.
979 - Fix NSID response for short edns sizes.
980 - Fix that for expired zones NSD performs an AXFR and accepts newer
982 - Document that minimal responses only minimizes responses to fit
984 - Fix #618: documented need to list ip-addresses separately in
987 - Fix that notify from nsd-control contains soa serial.
988 - Fix #698 formatting errors and typos in nsd.8.in.
994 - nsd-control addzones and delzones read list of zones from stdin.
995 - hmac sha224, sha384 and sha512 support, patch from David Gwynne.
996 - max-interfaces raised to 32.
998 - Fix #665: when removing subdomain, nsd does not reparse parent zone.
999 - Fix task and zonestat files to be stored in a subdirectory in tmp
1001 - Fix crash in zone parser for relative dname after error in origin.
1002 - Fix that formerrors are ratelimited.
1008 - Incoming notifies have serial number logged (at verbosity 1).
1010 - Remove some duplicate header includes (from Brad Smith).
1011 - Fix tcp waiting list for zone transfers where the bind and connect
1013 - Fix segfault in zone reader on invalid input. (thanks John Van de
1015 - Fix segfault on double origin in zone reader (thanks John Van de
1017 - Fix b64pton out of bounds error on invalid zonefile input.
1019 - Fix origin directive from unused old value and subdomain parser
1021 - Fix use after free after zonefile syntax error followed by ttl
1023 - Fix syntax error followed by too many TXT elements parse crash
1025 - Fix buffer overflow in config parse of domain name,
1027 - Use reallocarray for integer overflow protection, patch submitted
1029 - Fix allocation integer overflow checks.
1030 - Fix #654: Fix contradiction in notify logging verbosity level.
1031 - Fix #655: Fix contradiction in verbosity for zone transfers.
1032 - Made log message more consistent, changed 'axfr refused' log message
1034 - verbosity 2 logs axfr refused and notify refused.
1041 - RFC 7344: CDS and CDNSKEY (read record types).
1042 - per zone statistics with --enable-zone-stats, config zone with
1044 - Disabled use of SSLv3 in nsd-control.
1045 - nsd-checkconf -f prints out full name of pidfile (with dir).
1046 - Synthesize CNAMEs with same TTL as DNAME.
1048 - Fix that expired zones stay expired after a server restart.
1049 - Fix "xfrd_handle_ipc: bad mode" log errors when compiled
1050 with --disable-bind8-stats.
1051 - Fix #616: retry xfer for zones with no content after command.
1052 - Fix char used as array index warnings on NetBSD.
1053 - Fix that queries for noname CH TXT are REFUSED instead of nodata.
1054 - Fixes for wildcard addition and deletion, speedup for some cases.
1055 - Fix that failure to add tcp to tcp base does not leak the socket.
1056 - Patch nsd_munin_ from Philip Paeps to use type ABSOLUTE.
1057 - Fix spinning NSD with lots of failing transfers, due to pointer
1059 - Fix bug#637: fix that nsd.db grows limitlessly, an off by one
1062 - Fix casts for ctype functions (from Todd Miller).
1063 - correct some hyphen-used-as-minus-sign (from Andreas Schulze) in
1064 man pages.
1065 - Fix zonesdir chroot error message.
1071 - database: "" starts without mmap of database. Less memory is used,
1073 - optimised zonefile parse code and zonefile write code.
1074 - zonefiles-write option in nsd.conf, enabled when database is "".
1076 - xfrdfile: "" disables xfrd.state. If enabled, zones that are
1078 - include: "foo/nsd.d/*.conf" works, wildcard glob on includes.
1079 - nsd shuts down during init process if given signal.
1080 - log-time-ascii option, default yes, with readable timestamp in log.
1081 - nsd-control addzone reports if zone already exists.
1082 - Fix #564: add nsd-checkzone tool to check zonefile correctness.
1083 - Increased default --with-max-ips from 8 to 16, this increases the
1086 - Fixed shutdown message sporadically not printed on exit
1088 - Documented zonefile %s syntax in nsd.conf man page.
1089 - Fix manpage to put colon after zonefiles check and write.
1090 - Change from 'Zone" to "zone" with ".. serial .. is updated" log
1092 - Changed maxbackoff for no-content secondary zones from 4h to 24h.
1093 - Fix print filename of encompassing config file on read failure.
1094 - Fix delete or rename of a lot of zones and make it take a
1095 non-enormous time.
1096 - Speed up deletion of zone contents a lot, (56s to 1s), speeds up
1098 - Fix #571: unused variable and incompatible pointer warnings when
1100 - Fix write_socket return value check in server.c (Thanks Brad Smith,
1102 - Fix that xfrd reaps children also if the signal is lost.
1103 - Fix #577: makefile incorrectly installed manpages from srcdir.
1104 - Fix #587: Default value for statistics is 0.
1105 - Fix #553: Improve TXT parsing.
1106 - Fix #590: rrl log does not print wildcard as a star but escaped.
1107 - Fix #591: rrl log messages at verbosity level 1.
1108 - fix strptime implicit declaration error on OpenBSD.
1109 - Fix -O3 compile flag to -O2 to avoid miscompilations.
1110 - Allow user to override the -g -O2 CFLAGS in ./configure.
1111 - Fix endian.h include for OpenBSD.
1112 - Fix #600: document that provide-xfr provides AXFR and not IXFR.
1113 - Fix rising-load-average or memory-leaks in OSes (Linux since 2.6),
1117 - Remove .LP after .SH in man pages.
1123 - Fix nsd.db unclean close check. Previous databases are considered
1125 - Adds nsd.db larger than 400Tb check for sanity. Also test if
1127 - nsd waits for tasks to complete on stop, prevents nsd.db corruption.
1128 - fix to not delete tmpdir too early in shutdown process.
1129 - disabled udb checking functionality that made it very slow,
1130 this was enabled when enable-checking was turned on.
1136 - Return REFUSED for queries to non-hosted zones.
1139 - Fix expired zones to give SERVFAIL, also when parent zone loaded.
1140 - documented nsd-control zonestatus output in nsd-control manpage.
1141 - remove mention of nsdc from nsd-checkconf manpage.
1142 - Disabled recvmmsg and sendmmsg usage by default because kernel
1144 - Detect libevent2 install automatically by configure, and use
1146 - Fix #551: change Regent to Copyright holder in the LICENSE,
1148 - Fix #552: zonefile loads on nsd-control reconfig when the name
1150 - Fix leak of zone name after zonefile read and fix malloc too
1152 - Fix from 3.2: make SOA RDATA comparisons in XFR more lenient (only
1154 - Fix that NSD will delete and recreate not-clean-closed databases.
1160 - recognizes ip-address and interface as synonyms for convenience.
1161 - Support for EUI48 and EUI64 RR types enabled by default (RFC 7043).
1162 - Support for CAA RRtype (RFC 6844).
1163 - NSID can be set with "ascii_somestring" in ascii.
1166 - Fix xfrd when zone transfer TCP contains zero length packets.
1167 - Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
1169 - Fix that bad IXFR updates do not result in double SOA records,
1172 - Log ip address for sendto and sendmmsg failures.
1173 - Fix segfaults after read of zones with rr type WKS from zonefile.
1174 - Seed PRNG for openssl at start of daemon, fixes SSL connection issue.
1175 - Bugfix #534: IXFR query loop over UDP for zones that are unchanged.
1176 - (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset.
1177 - (same as in 3.2.16): Bugfix #542: Match RRSIG TTL with SOA TTL in
1179 - Check if configure in srcdir collides with outofdir build.
1180 - Fix #546: output format errors in nsd_munin_ (Thanks Tom Hendrikx).
1181 - Fix printout of high-chars in TXT on NetBSD.
1186 - documented in doc/NSD-4-features. Change configuration without
1187 restart, direct nameserver control with nsd-control, support a
1189 - nsdc is gone. Use kill -HUP for reload (also checks if zonefiles
1190 have changed and rereads them), and kill -TERM for quit. Or use
1191 nsd-control for detailed control.
1192 - cron job for nsdcpatch is gone. nsd-control write creates zonefiles.
1193 - nsd.db has a new format that compacts itself when it is changed,
1195 - nsd.db is memory mapped, NSD needs (part of) that mmap in ram.
1196 - tcp-count can go above 1000; epoll/kqueue support with libevent.
1197 - nsd-control reconfig for updates with no restart (zones, keys, ..)
1198 - nsd-control-setup to create keys for nsd-control (enable nsd-control
1199 with remote-control: yes in nsd.conf).
1200 - the NSD 3 feature of special zone stats are not ported to 4 yet,
1203 - configure --disable-recvmmsg for compat with older Linux kernels,
1205 - Fix time at 2038, uint32s changed to time_t, support 64bit time_t.
1206 - Fix use of 32bit time, for 2038, thanks to Theo de Raadt for patch.
1208 - Bugfix #518 Incorrect RRL prefix length option names in nsd.conf
1209 man page from Ville Mattila.
1210 - Fix that xfrd, and nsd-control, does not stop responding when reload
1212 - Fix that EOF in quoted string error does not cause reload to exit.
1213 - Fixup errors from the stack code checker.
1214 - Removed use of random when arc4random is available. Thus, random
1216 - Fix segfault with no logfile and chroot (Thanks Patrik Lundin).
1221 - Optimizations for startup, qps and tcp speed, beta bug fixes and
1223 - nsd-mem tool (make nsd-mem) to estimate memory usage.
1224 - Same as NSD 3.2.16: --enable-draft-rrtypes(EUI48, EUI64), rr-slip,
1225 rrl-ipv[46]-prefix-length, ip-transparent config options.
1226 - configure option --disable-flto.
1227 - improved RRL logging (query details that caused blockage).
1228 - nsd-control status prints out ratelimit if ratelimit is enabled.
1229 - nsd-control verbosity prints out verbosity level without argument.
1230 - Fix #491: pick program name (of executable) as syslog identity.
1231 - printout percentage for long activities (to log). After about 5
1234 - The same fixes up to NSD 3.2.16.
1235 - Fix that old zonefile does not override newer AXFR for slave zones.
1236 - Nicer printout of notify.
1237 - Fix tcp zonetransfer pipeline lookup function.
1238 - Fix compile on bigendian netbsd alpha.
1239 - Fixup the growth and shrinkage of nsd.db. This should use less
1241 - notify information is logged at correct verbosity level, 1.
1242 - Fix memory statistics in nsd_munin_.
1243 - faster nsec3 updates.
1244 - Fixup contrib/bug390.patch for 4.0.0b4.
1245 - remove leak of nsec3.
1246 - allocate radixtree in region for small (5%) total savings and
1249 - Patch from Lukas Wunner that makes nsd.conf include files work
1251 - Fix race on exit of nsd, for restarts, so that the pidfile-pid
1253 - Patch from Lukas Wunner that makes chroot more consistent.
1256 - Fix segfault on repeated reconfigs, double free of zone apex name.
1257 - Fix zone parser allocations are put in the db region.
1258 - Fix memory leak in zone parser for txt record.
1259 - Optimizations: -O3 if possible (user can override CFLAGS), udp
1262 - nsd.db 12% smaller, no nsec3 hash storage. Also ups udb version
1265 - Fix region-allocator for speedup of load and change of large data.
1266 - Increase tcpbacklog default to 256 (silently capped to 128 on BSD).
1270 - unlink xfr file if transfer is stopped, timeouted or interrupted.
1276 - remove -fwhole-program gcc flag usage. We cannot reliably detect
1278 - fix zonefiles-check: entry in nsd.conf
1279 - fix gcc warning, do not use uninit value for rng init.
1280 - remove printout of "bad transfer" to the log for notimpl.
1281 - printout log less verbosely, not every axfr packet.
1282 - RRL documented in nsd.conf.sample
1283 - Fix is_apex flag for zones read from udb.
1284 - Fix that nsec3 zones are precompiled when read from udb. This
1286 - Less printout of 'bad transfer'.
1287 - Fix AXFR of NSEC3 slave zone.
1288 - Fix that old zonefile does not override newer AXFR for slave zones.
1289 - Nicer printout of notify on verbosity 2.
1294 - applied patch from Robin Hack to remove double pid file truncation.
1295 - repattern is called reconfig (because most config options are
1297 - document that the zonefile attribute can be empty.
1298 - documented that the _implicit_ pattern names are used internally.
1299 - Added zonefiles-check option, default yes, check mtimes of zone files
1301 - Fix spurious assertion failure for some rrl blocks.
1302 - Tabs and spaces nicer in nsd.conf.sample.
1303 - List libevent in README.
1304 - Fix configure for gentoo gcc and headers.
1305 - do-ip4 and do-ip6 nsd.conf options just like unbound.
1306 - do not leave task files in /tmp if nsd fails to startup because
1308 - create xfrdir on make install (does not remove on make uninstall,
1310 - Fix segv if xfrdir does not exit.
1311 - log ip address with tcp failure.
1312 - Fix time calculation of zone transfer.
1317 - Add and remove zones from nsd.conf with nsd-control repattern.
1318 - Merge changes from 3.2.15 (such as xname-rcode fix).
1321 - Fix for use with libev.
1322 - 'nsd-control start' runs an absolute path to start sbin/nsd.
1323 - Fix for use with libevent-2.1.2.
1324 - --with-logfile sets the logfile inside the example documentation.
1325 - Fixed addzone and delzone inside chroot (thanks Will Pressly).
1326 - Fix make outside of source directory.
1331 - add and remove zones without restart.
1332 - nsdc is gone, use nsd-control for direct server control.
1333 - performance increases
1334 - support lots of zones
1335 - and more ...
1336 - longer desc in doc/NSD-4-features
1339 - core code is fixed like 3.2.15r3763 (12 dec 2012).
1346 - New config option "ip-transparent:" to allow NSD to bind to
1348 - Use IPV6 minimum MTU settings with TCP to reduce failures that
1351 - Bugfix #496: Support for EUI48 and EUI64 RR types. Experimental,
1352 turned off by default. Enable with --enable-draft-rrtypes.
1353 - New config option "rrl-slip:" to set the average number of
1355 - New config option "rrl-ipv4-prefix-length:" and
1356 "rrl-ipv6-prefix-length:" to set the prefix lengths.
1357 - Improved RRL logging, also print triggering query src address and
1359 - Provide RRL documentation in nsd.conf.sample.
1362 - Bugfix #357: Parent process waits until children closed down
1364 - Bugfix #487: lookup3.c determine endianness for BSD systems.
1365 - Bugfix #491: pick program name (0th argument) as syslog identity.
1366 - Bugfix #494: Exit with return code 1 if socket code fails.
1367 - RRtypes ASFDB, RP, RT should not compress dnames.
1368 - Fix outgoing-interface: Don't fail if family is IPv6 but
1369 only IPv4 outgoing-interface is set, or vice versa.
1370 - RRtypes ASFDB, RP, RT should not compress dnames.
1371 - Check that zone directory is within chroot directory.
1372 - Better XFR checking, fallback to AXFR (if allowed) if three
1380 - Support for ILNP RR types: NID, L32, L64, LP (RFC6742).
1381 - RRL, --enable-ratelimit at configure time and config options.
1382 - TSIG initialization only fails when there is no digest found
1386 - Bugfix #478: Declaration after statement (for gcc 2.95).
1387 - Bugfix #483: Better error message in case of TSIG error.
1388 - Bugfix #485: TTL should not be greater than 2^31 - 1.
1389 - Fix RCODE when CNAME loop final answer does not exist, should
1391 - Fix --disable-full-prehash bug, where after multiple incoming
1398 - TCP writev support.
1401 - Fix build on OpenBSD (thanks Oliver Peter).
1402 - Prioritize notify sender for requesting XFR (thanks Ilya Bakulin).
1403 - Fix crash in zonec if TXT string too long (thanks Ilya Bakulin).
1404 - tzset before chroot for correct timezone (thanks Camiel Dobbelaar).
1405 - Fix --disable-full-prehash bug when nsdc patch happens while ixfr too,
1407 - Bugfix #464: Conditionally define MAXHOSTNAMELEN.
1413 - Fix for nsd-patch segfault if zone has been removed from nsd.conf
1415 - Bugfix #460: man page correction - identity.
1416 - Bugfix #461: NSD child segfaults when asked for out-of-zone data
1417 with --enable-zone-stats. [VU#517036 CVE-2012-2979]
1424 - Fix for VU#624931 CVE-2012-2978: NSD denial of service
1425 vulnerability from non-standard DNS packet from any host
1427 http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
1434 - Fallback to AXFR if IXFR is unknown at the primary. NSD considers
1437 'allow-axfr-fallback'.
1438 - Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
1440 - Zone statistics, enable with --enable-zone-stats. This stores the
1444 - Support for TLSA RRtype (DANE).
1447 - Fix for qtype ANY for a wildcard domain in NSEC signed zone: Don't
1451 - Fix for accept spinning reported by OpenBSD.
1452 - Fix restart failed due to bad ixfr packet because of zone removed
1454 - Bugfix #453: typo in nsdc man page.
1457 - NSD uses the query name for dname compression again (Fix #235
1466 - Bugfix #421: Truncate pidfile on shutdown, before unlink.
1467 - Bugfix #423: Fix slow zone transfer processing due to
1469 - Fix bug #430: segfault when MAX_INTERFACES set to more than 65K.
1470 - Fix configure.ac strptime check for gcc 4.6.2, acx_nlnetlabs update.
1477 - Minimize responses to reduce truncation: NSD will only add optional
1481 The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4),
1485 The feature is enabled by default. You can disable it by configuring
1486 NSD with --disable-minimal-responses.
1488 - Less NSEC3 prehashing. This will make NSD handle zone transfers
1491 less NSEC3 prehashing, configure NSD with --disable-full-prehash.
1495 - Bugfix #302: nsd accepts XFR but refuses to re-read the slave zone.
1496 - Bugfix #365: set patch style and zonec verbose for nsdc.
1497 - First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
1498 - Bugfix #375: typos in nsd.conf.5.
1499 - Bugfix #381: Binary escaped and transfers.
1500 - Bugfix #397: Don't allow relative domain names as origin in $INCLUDE
1502 - Fix printout of IPSECKEY by nsd-patch.
1503 - Fix is_existing flag for ENT when domain that has a shared ENT
1504 is deleted by IXFR. (ENT == Empty Non-Terminal)
1505 - Fix bug if the zonefile is changed for a secondary but stored
1507 The zone is flagged with error and AXFR-ed.
1508 - Fix to have no authority NS set processing for CNAMEs.
1509 - Fix nsd-checkconf to check tsig algorithms properly.
1510 - Set the AA bit on responses that have an authoritative CNAME.
1511 - Fix denial of existence response for empty non-terminal that looks
1512 like a NSEC3-only domain (but has data below it).
1515 - nsd.db version number increased because NSD 3.2.7 and earlier
1524 - Do setusercontext() before chroot(), otherwise login.conf etc. are
1526 - Bugfix #216: Fix leak of compressiontable when the domain table increases
1528 - Bugfix #348: Don't include header/library path if OpenSSL is in /usr
1529 - Bugfix #350: Refused notifies should log client ip.
1530 - Bugfix #352: Fix hard coded paths in man pages.
1531 - Bugfix #354: The realclean target deletes a bit too much.
1532 - Bugfix #357, make xfrd quit with many zones.
1533 - Bugfix #362: outgoing-interface and v4 vs. v6 leads to spurious
1535 - Bugfix #363: nsd-checkconf -v does not print outgoing-interface ok.
1536 - Bugfix: nsd-checkconf -o outgoing-interface omits NOKEY.
1539 - Use 'make clean' to clean up files that make created.
1540 - Use 'make realclean' to also clean up files that were generated by
1542 - Use 'make devclean' to also clean up autoconf, autoheader files.
1548 - Bugfix #253: Don't put NS RRs in a response with QTYPE=DS.
1549 - Bugfix #320: use arcrandom(4) for QID generation if available.
1550 - Bugfix #328: nsd-checkconf overrun.
1551 - Bugfix #343: nsdc update fix.
1552 - Bugfix #347: Wrong NSEC3 returned for nodata response QTYPE=DS no delegation.
1553 - Bugfix: Allow for huge amount of strings in TXT (and other) records.
1554 - Bugfix: nsdc can now deal with tsig algorithms other than hmac-md5.
1555 - Fixed several parts in the documentation, including #306, #345.
1561 - Bugfix #314: correctly print NSEC next field, escape spaces and
1565 - Expand command line option '-a' and config option 'ip-address:'
1569 - Configure options --disable-dnssec, --disable-nsid, --disable-tsig
1571 - Configure option --max-interfaces is renamed to --max-ips.
1576 - NSD will not start if chroot is configured, but changing root is
1578 - Make use of the more secure strl* functions.
1579 - Bugfix #303: spelling error.
1582 - New option 'nsid:', to specify the NSID (Bugfix #298).
1583 - The default chroot can be set with --with-chroot=<dir>.
1585 - Optimized zonec and b64_pton compatibility code (thanks Martin Svec).
1586 - Optimized memory allocations. Use mmap/munmap instead of malloc/free.
1588 --enable-mmap (thanks Martin Svec).
1591 - NSID support is now enabled by default.
1596 - Bugfix #269: Additional C99 syntax.
1597 - Bugfix #276: Zonec prints debug data to stderr.
1598 - Bugfix #286: Document verbosity levels in nsd.conf manual page.
1599 - Bugfix #288: Ignore SIGHUP to child processes.
1600 - Fix typo in include file for setusercontext.
1603 - Support DLV records.
1604 - New option 'tcp-query-count:', to limit the maximum number of
1606 - New option 'tcp-timeout:', to override the default tcp timeout.
1607 The default can also be set at build time, --with-tcp-timeout=<number>.
1608 - New option 'notify-retry:', to configure how many times NSD should retry
1610 - New options 'ipv4-edns-size:' and 'ipv6-edns-size:'. to set your preferred
1614 - UDP/IPv4 sockets have new options set that will disable the DF flag in IP
1620 - Bugfix #236: Allow RRs before the SOA in a zonefile.
1621 - Bugfix #249: Remove the C99 code.
1622 - Bugfix #253: Don't put NS RRs in a response with QTYPE=DNSKEY.
1623 - Bugfix #263: Make TSIG algorithm comparison case insensitive.
1624 - Bugfix #266: Build failed on systems without strptime.
1625 - Bugfix: install hickup.
1626 - Fix to use 4096 EDNS limit for IPv6 on Linux.
1631 - Off-by-one buffer overflow fix while processing the QUESTION section.
1632 - Return BADVERS when NSD does not implement the VERSION level of the
1634 - Bugfix #234.
1635 - Bugfix #235.
1636 - Reset 'error occurred' after notifying an error occurred at the $TTL or
1639 - Minor bugfixes.
1644 - NSD will now fallback to AXFR, only if the master does not support IXFR.
1645 - You can adjust nsdc patch to skip textfile patching. This will
1650 - When configuring, don't do strptime test when cross-compiling.
1651 - Bug #230: Output non-error messages to stdout.
1652 - Better error message when ixfr.db old file format is read.
1653 - Bug #218: shared UDP query for all interfaces.
1654 - Bug #222: Remove bashism from nsdc script.
1655 - Nicer check for SHA-256 functionality.
1656 - Fixed some minor memory leaks that occurred on reload.
1657 - nsdc: check if a lockfile has not gone stale, when lock failed.
1658 - Bugfix strptime compatibility function
1661 - New configuration option 'allow-afxr-fallback', "yes" by default. If
1664 - Allow file rotation on nsd.log.
1665 - The new nsd-patch options -s and -o allows you to skip writing
1672 - Format of ixfr.db has changed. When you are planning an upgrade to the
1675 - IXFR is transmitted over TCP by default instead of UDP. If you want to
1678 request-xfr: UDP 1.2.3.4 tsigkey
1682 - nsd-patch prints errors to stderr instead of stdout.
1685 - Only normalize dnames in rdatas when rrtype is listed in RFC 4034,
1687 draft-ietf-dnsext-dnssec-bis-updates (affects RRSIG and NSEC records).
1688 - Typo in zonec manpage.
1689 - Bugfix in log_finalize.
1690 - Fix race condition between nsdc patch and server reload.
1693 - AXFR/TCP fallback in case of failing IXFR zone transfers.
1694 - RFC 4635: support for hmac-sha1 and hmac-sha256 TSIG algorithm
1696 - Configure the source ip-address for notifies (master) and zone
1698 - nsd-notify and nsd-xfer allow you to configure the outgoing
1700 - Additional debug and verbose log messages.
1705 - Try to avoid race conditions with NSD reloading and nsdc running,
1707 - Fixed NSEC3 memory leak in the case NSEC3 is not needed.
1708 - Fixed some memory leaks that happened on error, mostly on
1710 - Bugfix #191: nsd-checkconf allowed only (max_interfaces-1) interfaces.
1713 - The number of maximum interfaces allowed is configurable with
1714 --with-max_interfaces=<number> (thanks John Lightsey).
1719 - Default locations of nsd.db, ixfr.db & xfrd.state are changed to
1723 - Zone compiler gives more sane error messages when out of
1725 - Changed man pages format from mdoc to mansun, to support the Solaris OS.
1726 - Log tcp read error only when connection not reset by peer or when
1728 - RRs are compared without checking the TTL value.
1731 - NSD is now NSEC3 enabled by default. You can disable it by configuring
1732 NSD with --disable-nsec3.
1733 - Added "hide-version" configuration setting. Enabling this feature
1735 - Added bind2nsd 0.5.0 (http://bind2nsd.sourceforge.net) in contrib/.
1736 - Report source and zone for denied AXFR attempts.
1741 - Better logging for nsd-notify (show 'broken' zone)
1742 - Add configuration for chkconfig to control nsd service.
1745 - Fixed nsdc start when nsd already running: do not initialize server,
1747 - Fixup bug where data related files are looked up in the wrong
1749 - Fixup bug where nsd would return FORMERR if received an edns
1751 - Fixed strptime, so that zonec will also work on systems with broken
1752 strptime (like leopard :-))
1753 - Do not answer nsec3 wildcard information when DO bit is not set
1754 - Better logging when creating database failed.
1755 - Various spelling errors
1760 - Error handling for malformed IXFRs improved.
1761 - Fixed man pages, consistent syntax.
1766 - Report source and zone for denied AXFR attempts.
1769 - More elegant handling of malformed nsec3 records from a zone
1771 - Fixup ignored return value in region-allocator.
1772 - Added bind2nsd 0.5.0 (http://bind2nsd.sourceforge.net) in contrib/.
1777 - Fixed problem with reload waiting very long. If the OS has a
1781 - Made TCP listen sockets nonblocking. NSD could block in accept.
1782 - Handle the new CERT RDATA types defined in RFC 4398 (submitted by
1784 - Fixed a bug where zonec would choke on unknown CERT RDATA types.
1785 - Change nsd-notify retry timer from linear into exponential
1787 - Debug flag (-d) behavior changed. Nsd now also forks children when
1789 - Added verbosity mode (-V <level>) for extra operational logging.
1790 - zonesdir default is /etc/nsd. This can be overridden in nsd.conf.
1791 - if clients drop the tcp connection this does not result in a logfile
1797 - zonec will print an error when other data is put next to a CNAME.
1798 - Fixup unaligned memory access that could occur when reading ixfr.db
1800 - Fixup for the WKS RR type printout by nsd-patch and nsd-xfer.
1801 - Error message 'could not read database CRC' now only given on error.
1802 - ./configure --zonesdir=<directory for zone files> now works to
1804 Set zonesdir: "" to disable the change of directory.
1805 - Bug: reload crashes with log message 'continuing with old database',
1806 and after that no more zone updates. Manual fix is to kill -HUP,
1808 - Small speedup where xfrd could briefly be busy-waiting.
1809 - If master sends IXFR with glue that is already present in the zone
1810 this is silently accepted. Printed in debug mode -L 2. To make
1812 - Exponential backoff for zones that never worked to max of 4 hours.
1814 - allow-notify acl entries 'NOKEY' match only queries without TSIG.
1815 - Answers to valid notifies contained wrong RR counts in the header.
1819 - Added contrib/nsd.zones2nsd.conf python script to convert NSD 2 to
1821 - The nsdc control script will print 'nsd startup failed' if the nsd
1827 - Bug #152: NSD would not use the identity from nsd.conf, fixed.
1828 - Bug #153: When running with thousands of secondary zones, NSD would
1831 - Fixed getaddrinfo error message to be more descriptive.
1832 - Fallback to ip4 if getaddrinfo fails for ip6.
1833 - Will no longer lose a notify message during reloads (IPC).
1834 - Will no longer lose transfer in progress when notified for that zone.
1835 - Nicer error when operator forgets to rebuild after deleting a zone.
1840 - Nice error from zonec on a wrong configuration zone name.
1841 - Nicer warning from zonec when starting secondary zone with
1843 - nsdc makes more portable use of 'which' (for SunOS5.9/bash2.05).
1844 - Bug #143: Improved handling of zonesdir: directive and relative
1846 nsd-patch. They would not find the files.
1847 - Bug #144: LOC RRtype default values for precision wrong. Fixed.
1848 - Bug #145: NSD failed to reload cases of simultaneous zone transfer.
1849 - Bug #146: NSD fails to write to xfrdfile when chrooted. Fixed.
1851 - Bug #147: NSD runs out of memory. Fixed, memory is reused.
1853 - nsd -L 1 logging is smaller, -L 2 contains all debug information.
1855 - Bug #149: Fixed text for NOTAUTH error code. When notify is not
1861 - nsd-patch prints SOA record at start of zone files.
1866 - AXFR/IXFR zone transfer supported.
1867 - NSD requests but does not provide IXFR transfers.
1868 - NSD keeps track of SOA timeouts for secondary zones.
1869 - TSIG authentication supported.
1870 - For queries, for notifies, for zone transfers.
1871 - NOTIFY messages of zone updates, incoming and outgoing.
1872 - DNAME type is supported, including CNAME synthesis.
1873 - config file, nsd.conf(5), place to put TSIG keys, server settings,
1874 and lists of ip-addresses/ranges for AXFR/IXFR and NOTIFY.
1875 - prepared for NSEC3 (--enable-nsec3), experimental code for testing
1877 - prepared for NSID (--enable-nsid), experimental code for testing in
1881 - config file needed, nsd.conf(5) supersedes nsd.zones and nsdc.conf.
1882 - AXFR transfers are denied by default. Allow in config file.
1883 - Zones only become secondary with "request-xfr:" items in config file.
1884 - NSD produces "ixfr.db" file with a journal of zone transfers.
1886 - NSD produces "xfrd.state" file with zone timeout information.
1888 - NSD sends notifies automatically,
1889 nsd-notify is deprecated and will be removed from the package.
1890 - NSD requests AXFR/IXFR and reloads the updates automatically,
1891 nsd-xfer is deprecated and will be removed from the package.
1892 - Check your config file with nsd-checkconf.
1895 - contains all bug fixes from 2.3.5 and before.
1896 - The sighandler() bug is fixed more thoroughly,
1898 - CNAMEs are followed by the server to different zones and
1901 - bug fixes (ported) 2.3.6.
1902 - nsd-notify will retry max 15 times 5 second retries.
1903 - Bug #105: nsdc lacks locking, fixed locking for root user.
1904 - Bug #134: nsd: make -N <large number> work again
1905 - Bug #135: Typo in locking code for nsdc, fixed.
1906 - uninitialised variable fixed.
1907 - unaligned memory access (on Solaris SPARC), in zonec
1909 - Bug #138: nsd aborts trying to bind all interfaces if ip6
1911 - Bug #139: resync timer for stats to whole minute.
1912 - Bug #140: NSD did not clear CD bit on authoritative answers.
1913 - Bug #141: NSD did not clear flags on a formerror reply.
1918 - Bug #132: regression, nsd: fix compile with --disable-ipv6
1919 - Makefile: remove gnuisms
1924 - Unknown type codes for type code numbers > 48 and < 97 work again.
1925 (this implies --enable-checking can be enabled again)
1926 - nsd: sighandler() fixes
1927 - Bug #118: nsd: nsd_notify waits for a response. Will retry the notify
1929 - Bug #124: $(DESTDIR) was added to Makefile.in.
1930 - Bug #128: zonec: parser can handle \\ at the end of a string.
1931 - zonec: lexer: add \r to the newline delimeter
1932 - zonec: use strtol with an explicit base 10 as parameter.
1934 - nsd-xfer: print human readable error codes. Change logging to
1940 - Apply the correct patch to nsdc.sh.in.
1945 - Bug #101: add support for the SPF record.
1948 - Bug #100: replaced non-portable use of timegm(3) with
1950 - Bug #103: nsd: trim the SOA's TTL to the MINIMUM value when returning a
1952 - Bug #104: nsd: add a time_t timestamp to the log when logging to
1954 - Bug #105: nsdc: use a lock file when rebuilding the database (patch by
1956 - Bug #106: zonec: don't walk all 256 NSEC windows when that is not
1958 - Bug #107: zonec: fixed a crash when encountering bad unknown rdata.
1959 - nsd: Don't print: "error: nsd is already running as <pid>, stopping"
1961 - nsd: Minimize the race window in sig_handler().
1966 - zonec: Don't crash when generating error messages outside of zone
1968 - nsd: when logging to a file the pid is now printed.
1969 - nsd: Reset 'boot' time in statistics when reloading the database,
1971 - nsd-xfer.c: Added '-a' option to specify local address to connect
1973 - Bug #98: Allow mnemonics for DS and RRSIG algorithm field.
1978 - DNSSEC is now enabled by default. NSD should be fully
1982 - nsd: Ensure that the number of -a flags does not exceed the
1984 - nsd-xfer: Use serial number arithmetic (RFC1982) for the
1986 - nsdc: Don't pass (fake) serial number to nsd-xfer if the
1988 - zonec: Loading many zones would cause namedb_find_zone to
1990 - Bug #96: nsd-xfer did not handle 8-bit domain names
1996 - The message priority is now included when logging to a file.
1999 - Zero length RDATA using the unknown RR notation was not
2001 - Bug #93: './configure' error message containing a comma must
2003 - Bug #94: nsd-xfer: Handle unexpected EOF when receiving AXFR
2006 - Bug #95: An owner starting with an asterisk label ("*") was
2012 - nsd-xfer: replacement program for named-xfer to perform zone
2013 transfers using AXFR. TSIG is supported by nsd-xfer but not
2016 --disable-tsig if you do not have OpenSSL installed.
2017 Configure using --with-ssl=path if OpenSSL is not installed
2021 - New data structure 'buffer_type' for representing binary
2027 - Fixed endian problem in WKS record.
2028 - Protocol can now be specified numerically in WKS record.
2029 - Allow escape sequences (\DDD) in TTL, RR class, and RR type.
2030 - The zone compiler now accepts many more characters in
2033 - Close included files after reading.
2034 - Maximum TCP message size is now 65535 bytes. AXFR response
2037 - The TSIG key for AXFRs can now also be stored in the file
2040 - Signals are no longer blocked while performing I/O so the
2042 - Fixed parsing of LOC rdata. Fractions and altitude were not
2048 - Bug #90: handle \000 in TXT records correctly
2049 - Fixed undefined behavior in the use of vsnprintf when
2055 - nsdc: Fixed a typo that caused AXFRs to stop working.
2060 - nsd: The pidfile can be specified using the '-P' option.
2063 - Bug #87: allow @ in the rdata
2064 - Bug #88: allow ::FFFF:ipv4addr in AAAA records
2065 - Bug #89: Count the number of queries received over TCP,
2067 - Zonec: when - is used as input, set the filename to 'STDIN'.
2068 - The nsdc script handles failed AXFRs more gracefully.
2069 - NSD emits an error when it sees bitlabels (RFC 2673).
2070 - Only copy the CD bit when DNSSEC is enabled.
2075 - NSD now fully supports unknown record types using the
2077 - Support for the following RR types has been added: WKS, X25,
2082 - Bug #84: NSD now uses SIGUSR1 instead of SIGILL to report stats.
2083 - Bug #85: Support for WKS records.
2084 - Bug #86: The characters "#%&^[]?" can now be used without
2086 - Plugin callback return type fixed.
2087 - The maximum message length for IPv6 UDP packets is now
2094 - Bug #81: Handle unknown types correctly.
2095 - Bug #82: Zonec: don't report "0 errors" unless -v is
2097 - Bug #83: Close zone files after parsing.
2098 - Handle AFSDB RR type.
2103 - New networking code allows a single server to handle both
2105 TCP connections are supported. Use the '-n' flag to change
2111 - Allow the use of a mnemonic for the algorithm field of a
2113 - Behavior of the zonec -v flag has been modified. By default
2116 - Bug #75: Fixed typo in previous "fix".
2121 - Queries for QTYPE DS (DNSSEC) were not handled correctly in
2123 - Partial support for unknown RRs. Known RR types with
2125 - Bug #75: Fixed bad error message when nsdc update is run for
2127 - Bug #78: Multiple zones, each with include directives, are
2133 - Experimental DNSSEC support implemented, but disabled by
2134 default. Enable using the --enable-dnssec configuration
2136 - IPv6 enabled by default. Disable using the --disable-ipv6
2140 - Bug #47: Domain name is now logged when a notify is
2142 - Bug #70: First include all A records in the additional
2144 - Bug #77: Check length of domain name and label.
2145 - LOC records are supported again.
2147 1.4.0-alpha1
2150 - New database format that is much more compact and portable
2152 - The new zone compiler is now the default and the old zone
2154 - Name compression is done dynamically, removing one other
2157 - CNAME target records are now generated from wildcard
2161 - mmap(2) isn't currently supported.
2162 - Not all RR types are supported by zonec (such as LOC).
2164 1.3.0-alpha1
2167 - New name lookup algorithm. This required a change to the
2170 - New zone compiler (zonec2) based on flex and yacc, fully RFC
2172 - Database can be loaded using mmap(2) (use the --enable-mmap
2175 - Region based memory allocation and resource management.
2176 - New internal format for storing domain names. Each dname
2179 - Updates to the plugin API.
2182 - Bug #65: The syslog facility is now a compile time option
2183 (--with-facility=FACILITY). The default facility is DAEMON.
2184 - Bug #66: Automatic periodic dumping of the statistics (using
2185 the -s option) is now continued after a database reload.
2190 - Bug #72: If an RRset for a child domain is defined before
2197 - Bug #65: The syslog facility is now a compile time option
2198 (--with-facility=FACILITY). The default facility is DAEMON.
2199 - Bug #66: Automatic periodic dumping of the statistics (using
2200 the -s option) is now continued after a database reload.
2201 - NSD would try to kill pid -1 on startup if forking of a child
2203 - Do not log EAGAIN errors on calls to recvfrom. These errors
2209 - Bug #59: NSD returns FORMERR when the query name is >= 246
2211 - Bug #60: Zonec runs out of file descriptors with many zones.
2212 - Bug #61: nsdc uses /bin/sh hardwired (and should not).
2213 - Bug #62: NSD is not able to log to a file.
2214 - Bug #63: nsdc update and zonec are too talkative.
2215 - Bug #64: Answer for request of a host resolved by a
2216 wildcard-resource-record is not understandable by dig.
2221 - AXFR terminates early if a zone contains a CNAME pointing
2223 - During an AXFR memory above the top of the stack was
2226 - NSD now prints its version number and exits when invoked
2227 with the -v flag (bug #57).
2228 - NSD prints help information and exits when invoked with the
2229 -h flag.
2234 - NSD is now a single parent process (handling child
2240 - Experimental plugin support. This required a minor,
2242 recompile your database. Use --enable-plugins to enable.
2243 - Full IPv6 support (for multi-homing and for Linux, thanks to
2244 Colm MacCárthaigh and Jun-ichiro itojun Hagino). Use
2245 --enable-ipv6 to enable.
2246 - Support for multi-homing with TCP connections.
2247 - Support for SunOS 4.x has been dropped.
2250 - NSD should now conform to the Single Unix Specification
2252 - Const correctness for strings and some other data types.
2253 - Removed code for Berkeley DB, hash tables, and mmap(2).
2254 - Separate preprocessor flags from code flags (CPPFLAGS and
2256 - Use uint8_t instead of u_char, uint{16,32}_t instead of
2258 - Fixed warnings from mixing signed and unsigned types.
2259 - Use sigaction(2) instead of signal(2).
2260 - The query_process function has been split up for clarity.
2263 - CHAOS TXT queries failed on big-endian machines.
2264 - Portability fixes for Tru64 (thanks to Stephane Bortzmeyer),
2265 HP-UX, and MacOS X (thanks to Ronald van der Pol).
2266 - Removed compile time limit on maximum number of TCP child
2268 - Support for debugging UDP and TCP queries.
2269 - Always ensure there is enough room for the EDNS record when
2275 - ANSI C
2276 - autoconf/configure
2277 - new parser
2278 - support for various RR types in zonec
2279 - support for UNKN RR types
2282 - lots of zone parsing errors eliminated
2283 - empty node matching bug gives NXDOMAIN
2290 - Ignore SIGPIPE errors (bug #43).
2291 - Keep track of TCP child servers and restart if necessary.
2293 - Handle database reload failures correctly.
2294 - Close UDP sockets in TCP child servers.
2295 - Handle escaped characters (besides \.) in labels.
2296 - Preserve the query's RD flag in the answer.
2301 - -DBIND8_STATS to enable bind8 like [NX]STATS
2302 - -t flag to make nsd chroot to a certain directory
2303 - -s flag to make nsd produce statistics every s seconds
2304 - /etc/nsd/nsdc.conf to overwrite default variables
2306 - less loggin and more radical tcp connection (mis)handling
2307 - prefork -n processes to handle tcp connections
2308 - multiple -a flags
2311 - named.stats file functionality is removed
2314 - couple of pedantic fixes in C code
2315 - last zone in database axfr bug fixed
2316 - nsdc update wont update bug fixed
2322 - NSD drops permissions after binding the sockets
2323 - ``cache'' zones are no longer allowed
2324 - ID.Server & Version.Server compile time options
2325 - AXFR implemented (with tcpwrapper for access control)
2326 - nsdc update and nsdc notify functionality
2327 - using named-xfer with TSIG for inbound axfr
2331 - the order of records in the database is from now
2333 - since Berkeley DB doesnt define order for sequential
2337 - white space problem in zonec is fixed
2340 - please see appropriate man pages for the known bugs
2347 - Although NSD allows one to configure a zone without SOA record and
2348 use it as so called ``cached'' non-authoritative data, it is decided
2352 - If while processing EDNS(0) OPT record NSD encounters bad EDNS(0)
2357 Tested and working on i386 FreeBSD-4.4, i386 Linux, dec alpha Linux,
2361 1.0.0-BETA2
2365 - wildcards bug fixed
2366 - AA bit for class ANY bug fixed
2367 - minor coredumps with really broken zones in zonec fixed
2368 - linux & SunOS port
2370 1.0-ALPHA2
2373 - IPv6 transport support added by Jun-ichiro itojun Hagino (Use -DINET6)
2374 - Makefile modified for easier compile time configuration
2375 - EDNS(0) bug fixed
2376 - Default database changed to all lowercase, red-black tree to make nsd
2378 - REQUIREMENTS are cleaned up and updated
2379 - Signal names changed in nsdc.sh.in
2380 - Default compile options dont include -DMIMIC_BIND8