2.07    Update everything -- hell, it's been some 10yrs!

        Documentation, and other "informative" texts got most of the work;
        Added new VALID links, announcement(s) regarding the new maintainer
        and that it's actually ALIVE again. :)

        Marked the old/bad links as such

        bumped version

        setup CVS, SVN, WWW, and created online docs

2.06    minor bugfixes to simple-search mode
        (thanks =?gb2312?B?uai/qurN?=)

        Oliver Tschaeche points out we're missing some SOA answers.

        Steven McCoy added support for LDAP URLs.

        Chris Garrigues points out LDAPDNS couldn't make DomainKeys. This
        behavior has changed finally.

        minor bugfix to hash algorithm. i knew there was a reason I was
        getting so many collisions.

2.05    minor bugfixes

        reworked the meaning of @ and $SCHEMA=ldapdns to be more like
        LDAPDNS 3.

        fixed a potential crash due to misconfiguration.

2.04    Giacomo Cariello fixed an AXFR bug that seems to occur with a
        different version of OpenLDAP than I have.

        protect AXFR from being used with $SCHEMA=ldapdns

        LOG _was_ commented out of init scripts... now it isn't. package
        maintainers and non-djbish users can now have logging

        Jeff Clark submitted some changes to fix RELATIVE NAMES and to
        work around the fact that openldap > 2.1.8 no longer has the
        client side cache.

        the configure script can now detect openldap 2.1.8 and greater

2.03    whoops... changed both NS responses to ANSWER instead of swapping
        them. Thanks Andreas!

2.02    Paul Fleischer found a bug in the SOA parsing code; The code now
        works with non-GNU compilers...

        will now give NS answers even if no other answers are possible...

        fixed possible memory leak when using $SELFNS

        @ translation for nSRecord now occurs earlier and hopefully a bit
        more consistently.

2.01    rollover into 2.01

        versioning scheme changed to make package maintainers' jobs easier

        debian packages updated (slightly)

        jd@epcnet.de added fixes to use minimum as ttl instead of
        refresh-time, SOA handling for DENIC, and a tool for converting
        BIND9 zones using dig: http://www.dolze.de/ldapdns/zone2ldif.tgz AND
        a fix for segfaults when using split-horizon wrong :)

        bugfix for AXFR; supports communication with BIND9 now...

        sOARecord can now simply be a serial number (request)

        tries to detect the difference between a version 2 and version 3
        LDAP server.

        DN_MODE_LDAPDNS was moved to 0x03 and the default is now
        DN_MODE_COSINE

        associatedDomain can now be used with $SCHEMA=LDAPDNS for finding
        the root of a DNS zone.

        from the mailing list, we have a new way of determining our local
        domain name... expect domainname.sh to get better...

2.00-10 minor bugfix (LOG_PERROR reverse logic)

        better detection of solaris (Jason Parsons)

        incorporated changes from jd@epcnet.de

        Giacomo Cariello suggested environment variables for DEFAULT_*
        settings. This is now done. the defaults also are more favorable
        to other national nics.

2.00-9  sorry i've been gone for so long

        initial debian support now (yay!)

        some changes to the documentation

        changes to the configure script that may help linking against a
        static OpenLDAP lib on Solaris.

        install.sh tries TRUEPREFIX if the PREFIX was empty

        Giacomo Cariello brought to my attention a problem with the *BSDish
        systems. if tm_isdst is set, then they will currently fail if the
        current timezone would yield an invalid value (instead of
        normalizing it like other operating systems do). I detect this, and
        a few other weird values from mktime() and make an effort to do the
        right thing (disabling daylight savings time).
        This WILL cause a problem if you use zone transfers on these
        machines when DST goes into effect. The real solution? Have your
        LDAP server run in UTC (they don't honor DST) and run your LDAPDNS
        in UTC as well. See? Problem solved!

        changes from Mariano Absatez added to get LDAPDNS to use LDAPv3-
        even if it doesn't do any version-3 related things (yet). This seems
        to me to be a bug in OpenLDAP 2.1; but PureFTPd works around it
        similarly so I see no reason not to...

        Giacomo Cariello also noticed a problem with sOARecord attributes,
        and especially problems with getting serial numbers working. this
        has been fixed. sOARecord now overrides modifyTimestamp attributes
        in the directory.

2.00-8  minor bugfixes that should work around bugs in solaris headers

        some modifications for the init-scripts so that suse's insconfig
        will work.

        syslog support now working after chroot()

2.00-7  bugfix by Ilya: additional (needed) locking

        some timing bugs that would cause lots of error messages to pop up.
        could hang ldapdns under extremely _low_ load.

        now returns NXDOMAIN by default if zonesearch fails.

        Ilya found a hangup; if you restart OpenLDAP on a SMP box, ldapdns
        _might_ freeze. It's been announced as fixed, and here :)

        AXFR SOA now returns the same nameserver as other SOA lookups :)

        minor fixes to DNS ordering (as per the mailing list)

2.00-6  bugfix in dns_packet_skipname()
        [i never use it... but hey :) ]

        AXFR searches use less memory now (not dependent on amount of data)

        fix to configure script searching for poll()

        bugfix in config.pl (admin scripts)

2.00-5  more AXFR bugfixes (message ordering)

        added response_axfr() functions (for dealing with axfr dialog)

        a few other minor bugfixes

        if you need AXFR, this is the release for you
        -- it actually works again :)

2.00-4  bugfix for AXFR (all modes)

        bugfix to engine.c (registering garbage collector)

2.00-3  bugfix for freebsd (ip4/ip6: zero out the sockaddr)

        bugfix concerning treatment of $AXFR and $ROOT/axfr not consistent
        with documentation

        workarounds for memset/bzero/memcpy/etc not being present

        malloc/free replaced with mem_alloc and mem_free that use a
        preallocated buffer like djb - but if they run out will dump the
        ldap cache (as a last-ditch effort) -- whether or not this is a
        good idea is best left to the people that actually run out of
        memory :)

2.00-2  bugfix release

        fix to redhat spec
        fix to supervise mode (wrong pid being written)

        fix to hash table (now copies the key)
        (change to engine.c to reflect this)

2.00-1  bugfix release

        supervise mode fixed
        modifications to configure to search for
        pthread_kill_other_threads_np

        logging code fixed (LOG=/path/tofile and LOG=|program)

2.00    welcome to ldapdns 2.00

        new env: $DNS_THREADS and $LDAP_THREADS - this should provide faster
        response on picking up queries

        now automatically grows the number of handlers as needed; you can
        still use $HANDLERS to "preload" the number of initial handlers.

        $HANDLERS=0 means to use the default 2(l+d)
        $HANDLERS=1 _really_ means to use a special 1:1 mapping
          * this configuration works _really_ well for systems with
            poor scheduling (or perhaps just poor threads) like OpenBSD
            and FreeBSD -- it is REALLY not good at all for SMP systems
          * AXFR will _always_ use this configuration in tcpserver mode

        and with that: the interface is now stable. only bugfixes on this
        branch now.

        /var/state/ldapdns was changed to /var/lib/ldapdns

        split-horizon works again

2.00z   alterations to the message loop (lagging that only shows up
        under extremely high loads)

        various commenting fixes

        reorganized the startup procedure

        swapped the meanings of NO_ADDITIONALS/NO_ADDITIONALS_NS (to better
        coincide with what you think they should do)

        IPV6 transport may be working now (try IP=::)
          * note, i don't have IPv6 on my own systems... it is up to YOU
            to help debug this.

2.00y   minor bugfixes to the sysvinit scripts (systems without /sbin in
        path)

        modifications to install.sh and ldapdns.spec supplied by
        mark@rubberchicken.org

        better random number generation

        calculated simple searches; using foobar.mydomain.com, can find:
            dn: cn=person, o=myorg
            cn: person
            dc: foobar
            aRecord: 192.168.0.1
        (see README.search)

        more workarounds for MS-DNS

        preliminary IPV6 support - note this is for using IPV6 as a
        transport, not answering AAAA and friends. use generic records for
        those things for now... (mostly just parsing stuff)

2.00x   it's been a bumpy ride these past few versions.
        this stabilizes things

        minor bugfixes to DNS-name compression code

        minor bugfixes to subrequest code

        GNU-style configure script

        running out of handlers is no longer a fatal error

        threads<->handlers are now balanced via load

        we now use OpenLDAP's modifyTimestamp for a serial number. this
        makes zone transfers actually possible (and sane) using ldapdns with
        BIND secondaries

        sets the [aa] and [ad] bits like BIND (not like djbdns anymore)

        reverted to the 2.00t message loop. I removed my semaphore library.

        dns_* functions renamed tp_* for "transport"

        the INSTALL documentation is a lot less threatening :)

2.00w   we skipped 'v' because it looks silly right after 'u' :)
        but that's okay, because there's lots of silly updates

        we're getting close to the end of the 2.00 interface stabilization.
        if there's ANYTHING ELSE you think you wanted to see in the 2.00
        tree, now is the time to bring it up.

        generic records format changes; 0xFF in photo must be escaped as
        0xFF00
        this is to accommodate name compression for SRV records

        new administrative tools: add_generic_record and set_generic_record
        see the README.generic-rr for details

        can specify a non-standard port with $PORT

        preliminary NETBIOS support. set PORT to 137 and NETBIOS=1
        if you want to answer NETBIOS WINS/NBNS queries
          * note, this code depends on NS-UPDATE... until that's finished,
          * you cannot use ldapdns as a full-fledged WINS server

        works around a bug in MS-Proxy Server and MS-DNS:
            apparently MS-XXX claims SOA for all cached domains.
            it forwards all requests as ANY requests, and only caches
            this information. if an SOA isn't provided, MS-XXX will
            use its own to "remember" that it's cached wrong.

            so now we're back to really old behavior: we `include' SOA's,
            no matter how wasteful, with every "ANY" request.

        Ilya V Kotusev rewrote the message loop again to use semaphores.
        This looks a lot cleaner.

        OpenBSD 2.9 and earlier don't have POSIX 1003.1b semaphores. there
        is a (partial) pthread-only implementation in sem.h that works well
        enough for ldapdns. If you have a better one, use -DHAVE_SEMAPHORE
        and it'll use your system-installed one.
          * Under Linux, you SHOULD use the linuxthreads semaphore library.
            You will not like what can happen if you do not.

        $NS or $NS1 $NS2 $NS3... can fudge up nameservers returned. This is
        useful to many people taking over control over domains that list
        different records in the root nameservers.

        $SELFNS allows you to specify a "root nameserver node" for the SOA.
        we'll see just how useful this is later on.

        nSRecord attributes can contain a single '@' which will allow them
        to be considered as roots of a zone, but emitting nameservers will
        only emit those supplied with $NS or $NS1 $NS2 $NS3...

2.00u   minor bug in engine.c -- slowed recovery slightly.

        minor bug in install.sh; doesn't get "named"'s uid properly

2.00t   built-in supervise works a little better

        added some more entries to the FAQ

        tries to restart ldap connections for more kinds of errors.

        tries to balance ldap connections to different hosts better,
        rebalances if one goes down

        Ilya V Kotusev learned more about OpenLDAP's reentrancy(sic) and
        rewrote the message loop. It should never block now.

        He also changed it so that if openldap is taking its sweet ass
        time, we no longer send SERVFAIL -- we just stop talking.

        the makefile should work without GNU make now...

2.00s   try to avoid hanging ldapdns if stderr is missing

        the ability to disable ADDITIONAL section usage has been added.
        this could give the illusion of being able to handle more requests
        by simply forcing the client to make more. use the source.
        PDNS and Incognito DNS COMMANDER both do this. I think it's a bad
        idea, but if you want pretty benchmarks for LDAPDNS and you want to
        compare against PDNS and DNS COMMANDER, you should probably enable
        this setting (disable ADDITIONAL/SUBREQUEST)

        Address records can now be randomized with SCHEDULE_ARECORD=random

        Fixed a bug in DNS name decoding (NOTIFY and UPDATE)

        NSUPDATE support added (does everything but actually modify
        the directory... stay tuned)

        $TIMEOUT (or $TIMEOUT_TCP) will hangup on idle tcp connections
        (in seconds)

        $ALWAYS_HANGUP (or $ALWAYS_HANGUP_TCP) if set will always hangup
        after each TCP connection. I don't know why this is important... it
        may disappear...

        running out of handlers is now a fatal error. you are using
        supervise, aren't you? :)

        install.sh now creates a sample configuration file with RUN_UID
        and RUN_GID already set when using RPM...

        rpm builds require less fiddling now...

2.00r   added support for handling more than just "QUERY"

        rewrote logging code (removed gcc-dependent parts)
        it should now build on other compilers. can anyone verify?

        NOTIFY operation support added; runs program in $HELPER_NOTIFY

        some IXFR support added

        minor bugfix to tcp server code when using inetd/xinetd/etc

2.00q   fix potential DoS when AXFR fails
        bugfix to the RPM specfile (required openldap-server, that was
        wrong)

        fixes to install script

        new: sysvinit files in sysvinit/
             sample configurations in sample/

        installation documentation cleaned up some

        changes to hashtab library (minor)

        bugfix to tcpserver by Ilya V Kotusev; useful for high-latency
        connections (small TCP packets)

        started building debian install scripts. they don't work yet.

2.00p   more bugfixes to AXFR.
        djb's axfr-get works flawlessly now

        zone transfers now confirmed to work with named-axfr

        hashtable now supports true integers- this is to help work around a
        bug in dealing with big-endian machines; this should solve problems
        with sparc and mips architectures.

2.00o   another bugfix to AXFR differentiation

2.00n   bugfix to logging display

        bugfixes from Ilya V Kotusev help standalone AXFR work

        AXFR is now working "properly" (as per the documentation,
        and as per ldapdns-1 series)

2.00m   bugfix to transfer_zone
        bugfix to secondary_zone (making it actually useful)

        doesn't respond the same name over and over again in additional :)

        putting a '*' in the sOARecord automatically causes failure.
        this is useful for operations that resell dns-space...

        Chris Jantzen made it possible to bind anonymously, and found a
        typo in install.sh (/command instead of /commands)

        bugfix to put responses in correct sections

        client differentiation now possible for AXFR requests

2.00l   fixes to parts that tried to snoop inside bin-structs manually.
        this solves some problems on redhat boxes.

        some minor changes to the INSTALL file

2.00k   now puts the IP addresses of nameservers in the ADDITIONAL
        section

        fixed a bug where ldapdns could close its server fd

        fixes to cond operation; the cond always caused timeouts to occur.
        things are back to normal speed now

2.00j   should not waste quite as many CPU cycles; now using
        pthread_cond to determine whether or not we've started processing a
        ldap connection. this should give better performance under lighter
        loads.

        added some new entries to the FAQ

        sleep-svc dropped; use $SUPERVISE to enable self-supervising mode

        some fixes to the core that saves a poll() in tcp-server mode
        when handlers are full.

        setting AXFR now possible at request-time; new switch-file "axfr"
        contains same format as "switches" except that the ascii string is
        what is used as the AXFR base (same as if $AXFR was set to it)

2.00i   three bugs found by Przemyslaw Wegrzyn that affected SOA
        transmission. two prevented the hostmaster field from being honored;
        the other put the SOA in the correct part of the query.

        syslog support integrated into ldapdns/ldapaxfr; simply set
        LOG=syslog. you can disable syslog usage by removing HAVE_SYSLOG from
        Makefile

        syslog-svc removed (no longer needed)

        made the TCP client (ldapaxfr) actually work

        started work on standalone AXFR server. this is still experimental;
        there are some locking issues that need to be resolved.

2.00h   this release should fix problems running on RedHat 7.2 systems
        cleaned up a few (minor) things

2.00g   added a comparison chart
        new admin scripts: dhcp_names and samba_names for integrating
        ISC's DHCP and SAMBA with your nameserver

        bugfix in ldapdns-conf/ldapdns-axfr repaired
        a manifest was added

        bugfix that causes a coredump when used by some stupid resolvers
        (namely nslookup) - of course, i suppose this means that I'm stupid
        for falling for their tricks...

2.00f   a new mechanism for client differentiation has been added:
        for aRecords, you can specify the target as:
            subnet/cidr=realtarget
        which will only return this record if the client matches the listed
        subnet. this has the added benefit of not requiring any local files,
        BUT can cause problems if your network is mobile.

        fixed some message-ID reuse bugs; resolving some thread-clobbering
        bugs.

2.00e   some textual changes
        added some more entries to the FAQ (openldap bashing)
        stopped using some obsolete ldap functions
        reintegrated kerberos/sasl support
        added README.using-rpm

        put locking around use of stderr; hopefully this will improve
        log readability

        made it possible for the ldap connections to restart

        flipped this file upside down :)

2.00d   added .spec file for RPM users
        included tools to start ldapdns without daemontools
        bugfix to ldapaxfr-conf (writes correct program name now)

2.00c   ip/port now loaded in tcpserver.c
        client differentiation similar to tinydns (only for aRecord)

2.00b   new install script
        security checks on root/password
        full threading support (see faq)

2.00a   core rewrite: all djb code dropped, rereleased under GPL.
        this release adds support for pthreads for improved performance

1.09    new feature: LDAPDNS_ACCELERATE_CACHE
        see the FAQ for details

        (initial) kerberos/sasl support

1.08    transitional: bugfixes for RFC1279 support
        bugfixes to ldapaxfr when doing PTR delegation

1.07    bugfix found by mg@bindone.de - he may not have found out what
        the bug actually was doing, but the problems associated with it were
        still fixed. kudos to zen.

        small bug found by steki@verat.net in ldapaxfr.c - could be used to
        segfault it under (unusual) conditions. fixed. oddly enough, i could
        never reproduce it -- the code in that part is identical to djb's
        own axfrdns... odd...

        the one most wanted feature: real PTR records. i'm still very
        opposed, but using the environment variable "LDAP_SEEALSO" will
        allow ptr records (encoded as a distinguished name) in the seeAlso
        attribute to exist. these are NOT CHECKED: they are simply reported
        the same way the LDAP server would. note that using LDAP_SEEALSO
        disables the normal (normal for ldapdns) CNAME overloads....

1.06    better RFC 2317 support; if it's not in-addr.arpa domain, but we
        don't have the real-results in our directory, we respond CNAME
        anyway.

        reworked some things to help get rid of gcc compiler warnings;
        proper casting, union tricks, etc.

1.05    merging changes to 1.03 from jordan@mjh.teddy-net.com
        - new admin tool secondary_zone: like transfer_zone but reads from a
          BIND zone file... for people that want to use ldapdns as a
          secondary for a while...
        - PTR/CNAME extensions to support RFC 2317 -- see the FAQ
        - configuration tool fixups (change ownership of env/ROOT)
        - ldapdns supports new env: RELATIVE_NAMES that allows names found
          in cNAME and mX (and etc) to be relative like bind...
        - can specify hostmaster now on a per-zone basis
        - can now perform anonymous binds

1.04    ldapdns can now speak to Active Directory and in-place of
        BIND+LDAP
        - understands dnsRecord attributes ala [RFC 1279]
        - understands dnsRecord attributes ala Microsoft-DNS

1.03    added more entries to the faq
        had ldapdns bomb out on ldap queries faster

1.02    fixed transfer_zone
        started the changelog
        and added some entries to the FAQ...

1.01    prepared admin scripts

1.00    initial release

0.99    not-released: worked around memory leak

0.98    made CNAME's work like i want...