2.06
    minor bugfixes to simple-search mode (thanks =?gb2312?B?uai/qurN?=)
    Oliver Tschaeche points out we're missing some SOA answers.
    Steven McCoy added support for LDAP URLs.
    Chris Garrigues points out LDAPDNS couldn't make DomainKeys. This behavior has changed finally.
    minor bugfix to hash algorithm. i knew there was a reason I was getting so many collisions.

2.05
    minor bugfixes
    reworked the meaning of @ and $SCHEMA=ldapdns to be more like LDAPDNS 3.
    fixed a potential crash due to misconfiguration.

2.04
    Giacomo Cariello fixed an AXFR bug that seems to occur with a different version of OpenLDAP than I have.
    protect AXFR from being used with $SCHEMA=ldapdns
    LOG _was_ commented out of init scripts... now it isn't. package maintainers and non-djbish users can now have logging
    Jeff Clark submitted some changes to fix RELATIVE NAMES and to work around the fact that openldap > 2.1.8 no longer has the client side cache.
    the configure script can now detect openldap 2.1.8 and greater

2.03
    whoops... changed both NS responses to ANSWER instead of swapping them. Thanks Andreas!

2.02
    Paul Fleischer found a bug in the SOA parsing code;
    The code now works with non-GNU compilers...
    will now give NS answers even if no other answers are possible...
    fixed possible memory leak when using $SELFNS
    @ translation for nSRecord now occurs earlier and hopefully a bit more consistently.

2.01
    rollover into 2.01
    versioning scheme changed to make package maintainers' jobs easier
    debian packages updated (slightly)
    jd@epcnet.de added fixes to use minimum as ttl instead of refresh-time, SOA handling for DENIC, and a tool for converting BIND9 zones using dig: http://www.dolze.de/ldapdns/zone2ldif.tgz AND a fix for segfaults when using split-horizon wrong :)
    bugfix for AXFR; supports communication with BIND9 now...
    sOARecord can now simply be a serial number (request)
    tries to detect the difference between a version 2 and version 3 LDAP server.
    DN_MODE_LDAPDNS was moved to 0x03 and the default is now DN_MODE_COSINE
    associatedDomain can now be used with $SCHEMA=LDAPDNS for finding the root of a DNS zone.
    from the mailing list, we have a new way of determining our local domain name... expect domainname.sh to get better...

2.00-10
    minor bugfix (LOG_PERROR reverse logic)
    better detection of solaris (Jason Parsons)
    incorporated changes from jd@epcnet.de
    Giacomo Cariello suggested environment variables for DEFAULT_* settings. This is now done. the defaults also are more favorable to other national nics.

2.00-9
    sorry i've been gone for so long
    initial debian support now (yay!)
    some changes to the documentation
    changes to the configure script that may help linking against a static OpenLDAP lib on Solaris.
    install.sh tries TRUEPREFIX if the PREFIX was empty
    Giacomo Cariello brought to my attention a problem with the *BSDish systems. if tm_isdst is set, then they will currently fail if the current timezone would yield an invalid value (instead of normalizing it like other operating systems do). I detect this, and a few other weird values from mktime() and make an effort to do the right thing (disabling daylight savings time). This WILL cause a problem if you use zone transfers on these machines when DST goes into effect. The real solution? Have your LDAP server run in UTC (they don't honor DST) and run your LDAPDNS in UTC as well. See? Problem solved!
    changes from Mariano Absatez added to get LDAPDNS to use LDAPv3- even if it doesn't do any version-3 related things (yet). This seems to me to be a bug in OpenLDAP 2.1; but PureFTPd works around it similarly so I see no reason not to...
    Giacomo Cariello also noticed a problem with sOARecord attributes, and especially problems with getting serial numbers working. this has been fixed.
    sOARecord now overrides modifyTimestamp attributes in the directory.

2.00-8
    minor bugfixes that should work around bugs in solaris headers
    some modifications for the init-scripts so that suse's insconfig will work.
    syslog support now working after chroot()

2.00-7
    bugfix by Ilya: additional (needed) locking
    some timing bugs that would cause lots of error messages to pop up. could hang ldapdns under extremely _low_ load.
    now returns NXDOMAIN by default if zonesearch fails.
    Ilya found a hangup; if you restart OpenLDAP on a SMP box, ldapdns _might_ freeze. It's been announced as fixed, and here :)
    AXFR SOA now returns the same nameserver as other SOA lookups :)
    minor fixes to DNS ordering (as per the mailing list)

2.00-6
    bugfix in dns_packet_skipname() [i never use it... but hey :) ]
    AXFR searches use less memory now (not dependent on amount of data)
    fix to configure script searching for poll()
    bugfix in config.pl (admin scripts)

2.00-5
    more AXFR bugfixes (message ordering)
    added response_axfr() functions (for dealing with axfr dialog)
    a few other minor bugfixes
    if you need AXFR, this is the release for you -- it actually works again :)

2.00-4
    bugfix for AXFR (all modes)
    bugfix to engine.c (registering garbage collector)

2.00-3
    bugfix for freebsd (ip4/ip6: zero out the sockaddr)
    bugfix concerning treatment of $AXFR and $ROOT/axfr not consistent with documentation
    workarounds for memset/bzero/memcpy/etc not being present
    malloc/free replaced with mem_alloc and mem_free that use a preallocated buffer like djb - but if they run out will dump the ldap cache (as a last-ditch effort) -- whether or not this is a good idea is best left to the people that actually run out of memory :)

2.00-2
    bugfix release
    fix to redhat spec
    fix to supervise mode (wrong pid being written)
    fix to hash table (now copies the key) (change to engine.c to reflect this)

2.00-1
    bugfix release
    supervise mode fixed
    modifications to configure to search for pthread_kill_other_threads_np
    logging code fixed (LOG=/path/tofile and LOG=|program)

2.00
    welcome to ldapdns 2.00
    new env: $DNS_THREADS and $LDAP_THREADS - this should provide faster response on picking up queries
    now automatically grows the number of handlers as needed; you can still use $HANDLERS to "preload" the number of initial handlers.
    $HANDLERS=0 means to use the default 2(l+d)
    $HANDLERS=1 _really_ means to use a special 1:1 mapping
    * this configuration works _really_ well for systems with poor scheduling (or perhaps just poor threads) like OpenBSD and FreeBSD -- it is REALLY not good at all for SMP systems
    * AXFR will _always_ use this configuration in tcpserver mode
    and with that: the interface is now stable. only bugfixes on this branch now.
    /var/state/ldapdns was changed to /var/lib/ldapdns
    split-horizon works again

2.00z
    alterations to the message loop (lagging that only shows up under extremely high loads)
    various commenting fixes
    reorganized the startup procedure
    swapped the meanings of NO_ADDITIONALS/NO_ADDITIONALS_NS (to better coincide with what you think they should do)
    IPV6 transport may be working now (try IP=::)
    * note, i don't have IPv6 on my own systems... it is up to YOU to help debug this.

2.00y
    minor bugfixes to the sysvinit scripts (systems without /sbin in path)
    modifications to install.sh and ldapdns.spec supplied by mark@rubberchicken.org
    better random number generation
    calculated simple searches; using foobar.mydomain.com, can find:
        dn: cn=person, o=myorg
        cn: person
        dc: foobar
        aRecord: 192.168.0.1
    (see README.search)
    more workarounds for MS-DNS
    preliminary IPV6 support - note this is for using IPV6 as a transport, not answering AAAA and friends. use generic records for those things for now... (mostly just parsing stuff)

2.00x
    it's been a bumpy ride these past few versions.
    this stabilizes things
    minor bugfixes to DNS-name compression code
    minor bugfixes to subrequest code
    GNU-style configure script
    running out of handlers is no longer a fatal error
    threads<->handlers are now balanced via load
    we now use OpenLDAP's modifyTimestamp for a serial number. this makes zone transfers actually possible (and sane) using ldapdns with BIND secondaries
    sets the [aa] and [ad] bits like BIND (not like djbdns anymore)
    reverted to the 2.00t message loop. I removed my semaphore library.
    dns_* functions renamed tp_* for "transport"
    the INSTALL documentation is a lot less threatening :)

2.00w
    we skipped 'v' because it looks silly right after 'u' :) but that's okay, because there's lots of silly updates
    we're getting close to the end of the 2.00 interface stabilization. if there's ANYTHING ELSE you think you wanted to see in the 2.00 tree, now is the time to bring it up.
    generic records format changes; 0xFF in photo must be escaped as 0xFF00 this is to accommodate name compression for SRV records
    new administrative tools: add_generic_record and set_generic_record see the README.generic-rr for details
    can specify a non-standard port with $PORT
    preliminary NETBIOS support. set PORT to 137 and NETBIOS=1 if you want to answer NETBIOS WINS/NBNS queries
    * note, this code depends on NS-UPDATE... until that's finished,
    * you cannot use ldapdns as a full-fledged WINS server
    works around a bug in MS-Proxy Server and MS-DNS: apparently MS-XXX claims SOA for all cached domains. it forwards all requests as ANY requests, and only caches this information. if an SOA isn't provided, MS-XXX will use its own to "remember" that it's cached wrong. so now we're back to really old behavior: we `include' SOA's, no matter how wasteful, with every "ANY" request.
    Ilya V Kotusev rewrote the message loop again to use semaphores. This looks a lot cleaner.
    OpenBSD 2.9 and earlier don't have POSIX 1003.1b semaphores.
    there is a (partial) pthread-only implementation in sem.h that works well enough for ldapdns. If you have a better one, use -DHAVE_SEMAPHORE and it'll use your system-installed one.
    * Under Linux, you SHOULD use the linuxthreads semaphore library. You will not like what can happen if you do not.
    $NS or $NS1 $NS2 $NS3... can fudge up nameservers returned. This is useful to many people taking over control over domains that list different records in the root nameservers.
    $SELFNS allows you to specify a "root nameserver node" for the SOA. we'll see just how useful this is later on.
    nSRecord attributes can contain a single '@' which will allow them to be considered as roots of a zone, but emitting nameservers will only emit those supplied with $NS or $NS1 $NS2 $NS3...

2.00u
    minor bug in engine.c -- slowed recovery slightly.
    minor bug in install.sh; doesn't get "named" 's uid properly

2.00t
    built-in supervise works a little better
    added some more entries to the FAQ
    tries to restart ldap connections for more kinds of errors.
    tries to balance ldap connections to different hosts better, rebalances if one goes down
    Ilya V Kotusev learned more about OpenLDAP's reentrancy(sic) and rewrote the message loop. It should never block now. He also changed it so that if openldap is taking its sweet ass time, we no longer send SERVFAIL -- we just stop talking.
    the makefile should work without GNU make now...

2.00s
    try to avoid hanging ldapdns if stderr is missing
    the ability to disable ADDITIONAL section usage has been added. this could give the illusion of being able to handle more requests by simply forcing the client to make more. use the source. PDNS and Incognito DNS COMMANDER both do this.
    I think it's a bad idea, but if you want pretty benchmarks for LDAPDNS and you want to compare against PDNS and DNS COMMANDER, you should probably enable this setting (disable ADDITIONAL/SUBREQUEST)
    Address records can now be randomized with SCHEDULE_ARECORD=random
    Fixed a bug in DNS name decoding (NOTIFY and UPDATE)
    NSUPDATE support added (does everything but actually modify the directory... stay tuned)
    $TIMEOUT (or $TIMEOUT_TCP) will hangup on idle tcp connections (in seconds)
    $ALWAYS_HANGUP (or $ALWAYS_HANGUP_TCP) if set will always hangup after each TCP connection. I don't know why this is important... it may disappear...
    running out of handlers is now a fatal error. you are using supervise, aren't you? :)
    install.sh now creates a sample configuration file with RUN_UID and RUN_GID already set when using RPM...
    rpm builds require less fiddling now...

2.00r
    added support for handling more than just "QUERY"
    rewrote logging code (removed gcc-dependent parts) it should now build on other compilers. can anyone verify?
    NOTIFY operation support added; runs program in $HELPER_NOTIFY
    some IXFR support added
    minor bugfix to tcp server code when using inetd/xinetd/etc

2.00q
    fix potential DoS when AXFR fails
    bugfix to the RPM specfile (required openldap-server, that was wrong)
    fixes to install script
    new: sysvinit files in sysvinit/
         sample configurations in sample/
    installation documentation cleaned up
    some changes to hashtab library (minor)
    bugfix to tcpserver by Ilya V Kotusev; useful for high-latency connections (small TCP packets)
    started building debian install scripts. they don't work yet.

2.00p
    more bugfixes to AXFR. djb's axfr-get works flawlessly now
    zone transfers now confirmed to work with named-axfr
    hashtable now supports true integers- this is to help work around a bug in dealing with big-endian machines; this should solve problems with sparc and mips architectures.

2.00o
    another bugfix to AXFR differentiation

2.00n
    bugfix to logging display
    bugfixes from Ilya V Kotusev help standalone AXFR work
    AXFR is now working "properly" (as per the documentation, and as per ldapdns-1 series)

2.00m
    bugfix to transfer_zone
    bugfix to secondary_zone (making it actually useful)
    doesn't respond the same name over and over again in additional :)
    putting a '*' in the sOARecord automatically causes failure. this is useful for operations that resell dns-space...
    Chris Jantzen made it possible to bind anonymously, and found a typo in install.sh (/command instead of /commands)
    bugfix to put responses in correct sections
    client differentiation now possible for AXFR requests

2.00l
    fixes to parts that tried to snoop inside bin-structs manually. this solves some problems on redhat boxes.
    some minor changes to the INSTALL file

2.00k
    now puts the IP addresses of nameservers in the ADDITIONAL section
    fixed a bug where ldapdns could close its server fd
    fixes to cond operation; the cond always caused timeouts to occur. things are back to normal speed now

2.00j
    should not waste quite as many CPU cycles; now using pthread_cond to determine whether or not we've started processing a ldap connection. this should give better performance under lighter loads.
    added some new entries to the FAQ
    sleep-svc dropped; use $SUPERVISE to enable self-supervising mode
    some fixes to the core that saves a poll() in tcp-server mode when handlers are full.
    setting AXFR now possible at request-time; new switch-file "axfr" contains same format as "switches" except that the ascii string is what is used as the AXFR base (same as if $AXFR was set to it)

2.00i
    three bugs found by Przemyslaw Wegrzyn that affected SOA transmission. two prevented the hostmaster field from being honored; the other put the SOA in the correct part of the query.
    syslog support integrated into ldapdns/ldapaxfr; simply set LOG=syslog
    you can disable syslog usage by removing HAVE_SYSLOG from Makefile
    syslog-svc removed (no longer needed)
    made the TCP client (ldapaxfr) actually work
    started work on standalone AXFR server. this is still experimental; there are some locking issues that need to be resolved.

2.00h
    this release should fix problems running on RedHat 7.2 systems
    cleaned up a few (minor) things

2.00g
    added a comparison chart
    new admin scripts: dhcp_names and samba_names for integrating ISC's DHCP and SAMBA with your nameserver
    bugfix in ldapdns-conf/ldapdns-axfr repaired
    a manifest was added
    bugfix that causes a coredump when used by some stupid resolvers (namely nslookup) - of course, i suppose this means that I'm stupid for falling for their tricks...

2.00f
    a new mechanism for client differentiation has been added: for aRecords, you can specify the target as:
        subnet/cidr=realtarget
    which will only return this record if the client matches the listed subnet. this has the added benefit of not requiring any local files, BUT can cause problems if your network is mobile.
    fixed some message-ID reuse bugs; resolving some thread-clobbering bugs.

2.00e
    some textual changes
    added some more entries to the FAQ (openldap bashing)
    stopped using some obsolete ldap functions
    reintegrated kerberos/sasl support
    added README.using-rpm
    put locking around use of stderr; hopefully this will improve log readability
    made it possible for the ldap connections to restart
    flipped this file upside down :)

2.00d
    added .spec file for RPM users
    included tools to start ldapdns without daemontools
    bugfix to ldapaxfr-conf (writes correct program name now)

2.00c
    ip/port now loaded in tcpserver.c
    client differentiation similar to tinydns (only for aRecord)

2.00b
    new install script
    security checks on root/password
    full threading support (see faq)

2.00a
    core rewrite: all djb code dropped, rereleased under GPL.
    this release adds support for pthreads for improved performance

1.09
    new feature: LDAPDNS_ACCELERATE_CACHE see the FAQ for details
    (initial) kerberos/sasl support

1.08
    transitional: bugfixes for RFC1279 support
    bugfixes to ldapaxfr when doing PTR delegation

1.07
    bugfix found by mg@bindone.de - he may not have found out what the bug actually was doing, but the problems associated with it were still fixed. kudos to zen.
    small bug found by steki@verat.net in ldapaxfr.c - could be used to segfault it under (unusual) conditions. fixed. oddly enough, i could never reproduce it -- the code in that part is identical to djb's own axfrdns... odd...
    the one most wanted feature: real PTR records. i'm still very opposed, but using the environment variable "LDAP_SEEALSO" will allow ptr records (encoded as a distinguished name) in the seeAlso attribute to exist. these are NOT CHECKED: they are simply reported the same way the LDAP server would. note that using LDAP_SEEALSO disables the normal (normal for ldapdns) CNAME overloads....

1.06
    better RFC 2317 support; if it's not in-addr.arpa domain, but we don't have the real-results in our directory, we respond CNAME anyway.
    reworked some things to help get rid of gcc compiler warnings; proper casting, union tricks, etc.

1.05
    merging changes to 1.03 from jordan@mjh.teddy-net.com
    - new admin tool secondary_zone: like transfer_zone but reads from a BIND zone file... for people that want to use ldapdns as a secondary for a while...
    - PTR/CNAME extensions to support RFC 2317 -- see the FAQ
    - configuration tool fixups (change ownership of env/ROOT)
    - ldapdns supports new env: RELATIVE_NAMES that allows names found in cNAME and mX (and etc) to be relative like bind...
    - can specify hostmaster now on a per-zone basis
    - can now perform anonymous binds

1.04
    ldapdns can now speak to Active Directory and in-place of BIND+LDAP
    - understands dnsRecord attributes ala [RFC 1279]
    - understands dnsRecord attributes ala Microsoft-DNS

1.03
    added more entries to the faq
    had ldapdns bomb out on ldap queries faster

1.02
    fixed transfer_zone
    started the changelog and added some entries to the FAQ...

1.01
    prepared admin scripts

1.00
    initial release

0.99
    not-released: worked around memory leak

0.98
    made CNAME's work like i want...