forked from spamhaus/rbldnsd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
819 lines (607 loc) · 31.5 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
This file describes user-visible changes in rbldnsd.
Newer news is at the top.
1.0pre (Still not official, to be released)
- Empty Non Terminals patch. This is a compile-time option and
is meant to address some incompatibilities with RFC 7816.
Adding the "$ENT" special entity to all the datasets.
- Support for systemd added (thanks to Marco d'Itri). Please
use --enable-systemd when configuring and make sure that you have
pkg-config installed.
- Test suite migrated over to python-3. Thanks to
Michael Orlitzky for the contributions.
- Fix a longstanding bug in the base-template replacement
- Removal of deprecated features (aka: NS record compatibility mode)
- Adding -F flag, used to identify the log facility of the daemon.
- fix tests for systems without ipv6 support, or when ipv6 is
disabled in rbldnsd at compile-time
- fix tests for API change in pydns >= 2.3.6
- It is no longer an error to request binding to a particular
address/port more than once. (The subsequent requests are simply
ignored.) (This avoids confusion on certain systems/configurations
where gethostbyname("localhost") can return 127.0.0.1 multiple
times.)
- Moving rbldnsd.spec file under contrib/rpm/ to match debian move
- Updating various pointers to point to new contrib/ locations
(both debian and rpm spec)
- Maintenance of RPM spec file to match new file locations, versions,
and the make dist tar file naming schema.
- Fix for sockaddr_equal() which was missing an IPv6 case.
0.998b (21 Dec 2016)
- Fix for memory errors on very large datasets.
Patch by Andrew Clayton
0.998a (06 Sep 2016)
- Minor fixes in copyright and documentation
- bugfix: minor fix to prevent errors on newer compilers
- Moving debian/ old directory under contrib/debian/
0.998 (05 Dec 2015)
- bugfix: correctly handle V4MAPPED (v4 in v6) addresses, the
original v6 prefix was wrong. Thanks to Alex Lasoriti for
finding the issue
- bugfix: sometimes IP4-based datasets gave false positives when
an IP6 dataset were present, and it was also possible to have
false positive in IP6 datasets. Both has been fixed.
0.997a (23 Jul 2013)
- minor fixes/changes in packaging, no code changes.
In particular, fixes a build failure on *BSD introduced in 0.997
0.997 (29 Jun 2013)
- main feature of this version is ipv6 support. Many thanks to
Geoffrey T. Dairiki for the implementation of btrie (btrie.c) which
is far superior to old ip4trie code and handles both v4 and v6
- feature: ip6trie - new dataset supports listing of arbitrary length
ip6 CIDRs, along with individual A/TXT values for each prefix
- feature: ip6tset - new dataset supports listing of ip6 /64 subnets
and the exclusion of /128 subnets; only supports a single A/TXT value
for the entire dataset
- optimization: ip4trie - using new trie implementation (developed for
the ip6trie dataset) decreases memory consumption by roughly a factor
of three
- feature: acl dataset - ip6 addresses are now supported in ACLs
- feature: added --enable-asserts configure option to enable
compilation of debugging assertions; assertion checking is
disabled by default
- featurette: zero-length "wildcard" IP4 CIDR prefixes are now
allowed in ip4trie and acl datasets.
0.996b (29 Mar 2008)
- most stuff is very minor, while preparing for larger changes
for 0.997 and 1.0.
- several (mostly minor) bug and portability fixes.
- feature: ability to specify "base template" for a dataset, using $=
variable. See manpage for details, "Resulting A values and TXT templates"
section.
- incompat: due to the above change ($= base template), in TXT entries which
starts with equal sign (=), the first character (which is `=', obviously)
is removed. $= is now treated specially too.
- feature: (experimental) support for dynamically-loaded extensions (DSOs),
in place of (previously unfinished) compile-time "hooks" support.
New options -x/-X, to load an extension and to specify argument for it.
Usage document has to be written still.
0.996a (27 Jul 2006) (The "34-Birthday Release")
- -a/-A (-A is new, currently a noop) option clarification/addition.
Don't mark -a as experimental anymore, and note that -a mode
("lazy", minimal-answers, w/o AUTH section in every reply) will
be the default in future versions. -A tells rbldnsd to go to
"non-lazy" mode. Document options in the manpage.
- bugfix: fix configure script breakages:
portability: for f; do => for f in "$@"; do
fix broken GNU C (mis)detection
- bugfix: fix dataset "un-expiration". Previously, once a dataset has expired,
it never "un-expires" again even if new expire time is in future. Due to
missing reset of a dataset structure field.
- portability: apparently at least one (broken) linux distribution includes
kernel modification which leads to losing SIGALRM interrupts at times.
So use setitimer() instead of alarm(), if available.
- minor code cleanups here and there (fixing (real) GCC-4.1 warnings).
- Debian-specific: adopt to more recent Debian packaging requiriments,
and ensure that Debian package builds with zlib support
0.996 (19 Feb 2006)
- experimental feature: data expiration support, in form
$TIMESTAMP created expires
see manpage for details.
- feature: recognize new 'pass' entry in ACL "dataset", to allow
whitelisting of a particular network/host covered by another
ACL entry.
- bugfix (sort of): deal with possible null-pointer dereferences on some
systems such as FreeBSD where realloc(smaller_amount) may actually
return NULL. Note that this particular malloc implementation (where
realloc() may return NULL if requested to reallocate to a smaller
amount of memory) perform very badly with rbldnsd in the first place:
rbldnsd tries to free some unused memory at the end of data load
process, and realloc() forces a copy so there will be extra copy of
a huge data and bad memory fragmentation, so on next reload rbldnsd
will most likely just run out of memory. I think it's best to experiment
with alternative malloc implementation on such systems, eg dmalloc.
- feature: rbldnsd is now able to read gzip-compressed data files, doing
transparent on-the-fly decompression, if built with zlib support
(if built w/o zlib support, it still checks whenever datafile is
compressed and refuses to load it if it is). Use -C option to turn
this feature off.
- due to zlib support, this version introduces rewritten data-reading
loop (previously with fgets()) - on some systems this results in
noticeable (re)load speed improvement on large datasets.
- number of max nameservers (MAX_NS in rbldnsd.h) increased from 20 to 32,
per request from Spamhaus.
- feature: configure script now accepts command-line options (--enable-xx
and --disable-xx) to turn optional features on/off (including stats,
ipv6, master-dump and zlib), and saves such options into config.status
so that automatic re-making will pick up the right options again.
0.995 (28 Apr 2005)
- feature: allow glue records for nameservers (IPv4 only for now,
as there's no AAAA record support yet). Generic dataset it the
most appropriate place to specify actual A records for the NSes.
- when replying to NS or ANY query to the base zone, rbldnsd now
returns set of nameservers in both ANSWER and AUTHORITY section.
- feature: (initial, experimental) ACL support. It is possble to force
certain kinds of replies to be sent to certain clients (based on the
client IP address), regardless of the query the client performs.
Read rbldnsd(8) manpage for the details.
This feature is experimental. Basic idea will remain but details are
likely to change in the future, as requiriments will be understood
better.
- feature: ENDS0 support for UDPsize, allowing replies larger than 512
bytes for clients claiming EDNS0 support (appropriate OPT record in
additional section in query). Not really user-visible change per se,
but may be quite visible for clients especially when our replies are large.
0.994b (16 Apr 2005)
- bugfix: use of uninitialized pointer in ip4set and ip4trie
datasets when input data file (A+TXT template for a given
entry) is invalid, instead of rejecting the line. This can
lead to "random" crashes.
0.994a (10 Mar 2005)
- bugfix: for queries for base subzone in combined dataset,
rbldnsd improperly returned NXDOMAIN instead of NODATA -- eg
a query for sub.bl.example.com where sub is a subzone of
a combined dataset "rooted" at bl.example.com resulted in
NXDOMAIN while the name obviously does exists. Fixed (one-liner).
0.994 (18 Dec 2004)
- bugfix: fix a memory leak when $n-style substitutions
are being used: each $n definition resulted in a leak
of the substitution text on every reload (used estrdup()
but should be using mp_strdup())
- feature, sort of: allow to omit support for -d option,
thus eliminating some bloat: DEFS = -DNO_MASTER_DUMP
- bugfix: fixed master-format dump (-d) for ip4trie - some
ranges weren't expanding properly, resulting in missing entries
- bugfix: fixed master-format dump (-d) for ip4set: when
we have two entries in input:
127.0.0.0/8 a
127.0.0.2 b
for master-format dump there should be 4 lines, not 2 as
before:
2.0.0.127 b (was ok before)
*.0.0.127 a (was missing)
*.0.127 a (was missing)
*.127 a (was ok before)
Without the two intermediate lines, named returns NXDOMAIN
for eg 3.0.0.127 or x.1.0.127. Quite an.. interesting case...
0.993.1 (29 Jul 2004)
- only minor, mostly (Debian) package-specific, stuff
(see debian/changes for details)
0.993 (01 Jul 2004)
- bugfix: fix 0.0.0.0 A value being used instead
of the specified real IP address in a case like
":127.0.0.2" (use specific A and default TXT)
(noted by njabl)
- feature: allow (optional) names for subdatasets
in combined dataset, for better logging. Specify
:name after dataset type in $DATASET line, like
$DATASET ip4set:http proxies @
$DATASET ip4set:relays relays @
- feature, safety: implement and enforce $MAXRANGE4
special like this:
$MAXRANGE /24
$MAXRANGE 256
the maximum "size" of a single entry, in number
of IPv4 addresses it covers. If an entry covers
more addresses, it is ignored (and warning is
logged). The constraint may be decreased by the
following $MAXRANGE special, but can not be
increased. Global per dataset.
- feature, safety: ignore incomplete last lines
(lines w/o end-of-line terminator) in data
files (to prevent mis-interpreting of incomplete
data)
- feature, safety: check for data file changes during
reloads (while reading data), and abort loading
(and mark all zones to return SERVFAIL until next
reload) if a change is detected.
- safety: do not treat bare numbers as /8 ranges.
10 -- wrong from now on
10/8 -- ok
10-11 -- ok
- safety: require equal number of octets for x-y
style ranges:
1.2.3-2.3.4.5 -- wrong
1.2.3.0-2.3.4.5 -- ok
1.2.3.4-2.3.4 -- wrong
1.2.3.4-2.3.4.5 -- ok
and the "repeat-last-octet" variant is still
ok too, obviously:
1.2-3 -- ok
1.2.3-4 -- ok
1.2.3.4-5 -- ok
- safety: only accept complete, 4-octet IPv4
addresses in ip4tset, do not allow weird stuff
like inet_aton() allows:
10 = 0.0.0.10 -- wrong
10.1 = 10.0.0.1 -- wrong
- bugfix: several more small fixes for IP4 address
parser
- refine logging a bit, make it less verbose
(esp. when logging problems)
- bugfix: query logging (-l) with background
reloading: the file was not flushed properly
(resulted in double logging)
- bugfix: dump (-d) of MX record (generic dataset)
was incorrect
- bugfix: wrong subzone in $ORIGIN when dumping (-d)
combined dataset
- bugfix: incorect (opposite) evaluation of maxttl
0.992 (07 Mar 2004)
- feature: allow easy turning on/off individual NS
records in $NS line, by prefixing unused nameservers
with minus sign (-)
- bugfix: fix -d (master-format dump) for generic dataset
- bugfix: remove usage of NI_WITHSCOPEID (it was used for
unknown reason anyway and broke on latest solaris)
- #define _LARGEFILE64_SOURCE and use O_LARGEFILE if
defined in rbldnsd.c to be able to write larger
logfiles. Dunno whenever it will actually help,
but it at least works on linux.
- old -s option (log reload times/memusage) is gone,
it is now turned on all the time, but produces slightly
less verbose output.
- new -s option: write short statistic summaries into
given file, to help obtaining data for tools like RRD.
- format of statistic logging changed slightly, it is
a bit less verbose now too (and less confusing)
- feature: continue processing queries during reloads.
For this, rbldnds forks off the child process that
process queries while parent performs the reload.
Requires 2x more memory (changed datasets will be
doubled during reloads). -f option (not enabled
by default).
- feature: new dataset, ip4tset, very simplified ip4set.
Only accepts bare IP addresses, no netranges, no
exceptions, but requires 2x less memory and is faster.
- feature: extended -t option, allow minttl and maxttl
to be specified (to set constraints for TTLs found
in data files). New syntax is -t defttl:minttl:maxttl,
with everything optional (so -t defttl works too, as
well as -t ::1d).
- feature/expectation_fix: add an ability to specify A
but inherit default TXT value for an entry:
entry :addr: - specific A, no TXT
entry :addr - specific A, default TXT
- cleanup: remove redundrant CNAMEs from master-file dump
in ip4set
0.991 (30 Nov 2003)
- in order to be able to overrite both SOA and NS records
in data downloaded from 3rd party blocklist to use in
local environment, $NS record handling changed. From
now on, rbldnsd expects all nameservers to be specified
on one single $NS line. Compatibility with previous
releases preserved for now, but will be removed in the
future: if several domain names are specified in $NS
line, all other $NS lines are ignored; but when only one
nameserver is specified, rbldnsd still collects all such
single-ns lines as in previous releases.
- when the query matches several RRs with different TTLs
(e.g. from different datasets), rbldnsd now sets smallest
TTL in ALL RRs of this type.
- when several RRs of the same type exists in generic dataset,
we now trying to return them in "random" order. The
"randomization" is very dumb for now.
- implemented master format dump for ip4trie dataset
0.99 (16 Sep 2003)
- autoconf-style configuration. Run ./configure before make.
-DSTATS_LL gone; NOSTDINT_H, NOIPv6, NOMEMINFO, NOPOLL are
set automatically (hopefully). I dont use GNU autoconf just
because it is too huge, but my own "mini-autoconf" may be not
as portable/tested, obviously. Great thanks to Christian Krackowizer
(ckrackowiz at std.schuler-ag.com) for testing this stuff on
numerous platforms.
- remove EasynetDynablock and relays.osirusoft.com conversion scripts
- bugfix: Fixed range parsing. E.g., 24.217.64-191 did not work (and any
range like this where last two bits where xored into 255). Spotted by
easynet.nl folks, thanks. This bug occurs only when last 2 numbers,
when xored together, gives 255, like 124-131, 120-135, 127-128, 65-190,
64-191, ... The listing will never be matched, so bug does no harm
(i.e. no extra, incorrect listings).
- feature: allow logging to standard output (-l - or -l +-). See manpage
for details. Idea by Klaus Alexander Seistrup @magnetic-ink.dk.
0.98 (17 Aug 2003)
- incompatible change: bind address (-b option) is now mandatory.
Too many problems with INADDR_ANY, multihomed hosts and wrong
source address on replies.
- feature: allow listening on multiple addresses. Needed e.g.
on hosts where both IPv4 and IPv6 addresses are in use. Having
multiple listening addresses means rbldnsd now uses select/poll
(but it works exactly as before if only one listening address
specified). If your system does not provide working poll()
system call, specify -DNOPOLL at compile time.
- feature: recognize host/port syntax in argument for -b option
(bind address) to be able to bind to different ports. -P option
is gone again. Note that delimiter is slash (/), not colon (:),
to be able to work with IPv6 addresses correctly.
- feature, and incompatibility change in dnset DN interpretation.
*.example.com is now NOT the same as .example.com. Specify
*.example.com to include all subdomains of example.com, and
specify .example.com to include all subdomains AND example.com
itself - instead of specifying 2 lines, only one is now needed.
- bugfix: memleak in combined dataset: NS and SOA caches was
allocated for subzones of combined dataset (NS/SOA are never
used here).
- feature: respond to version.bind CH TXT requests (and version.server).
Use -v to hide version info from reply, or two -v's to disable this
feature completely.
- reply with REFUSED instead of FORMERR for unknown query class
- warn about truncated TXT records. DNS spec allows TXT record to be
more than 255 bytes long (by using a series of STRINGs in one RR,
each 255 bytes max), but there's no point using TXTs longer than
255 bytes for a DNSBL (think of SMTP rejection message)
- feature: new dataset, ip4trie, to store IP4 CIDR ranges. Unlike
ip4set, ip4trie can only hold one value per CIDR range and returns
only closest matching entry. Experimental.
0.97b (6 Aug 2003)
- bugfix: there was an error in per-zone statistics counting code
introduced in 0.97. This bug may be triggered remotely by *first*
DNS query since rbldnsd startup, provided the query is against a
zone for which rbldnsd is not authoritative. If such out-of-zone
query will be first, it will result in instant crash of a server.
Subsequent out-of-zone queries will not result in a crash, just
wrong counters (for previously queried zone) will be incremented.
Impact of this bug is low, since it is difficult to trigger the
bug and made rbldnsd crash.
Thanks Marco D'Itri (md at linux.it) for pointing this out to me.
0.97a (1 Aug 2003)
- bugfix: ip4parse_range(): invalid addresses was not marked as such,
which may result in various crashes when parsing bogus datafiles.
Note this is remotely exploitable bug: if you grab data from a remote
system, invalid data may crash you server. DNS operations (query
handling etc) aren't affected by this bug, it is in dataset parsing
code.
Please note that this fix also restores previously non-working
detection of non-zero host part in ranges like 1.2.3.4/24 (proper
form is 1.2.3.0/24). If you want to process such address ranges,
specify -e command-line option.
- feature: recognize and ignore "IN" classname in `generic' dataset,
so it is now possible to have
@ IN A 127.0.0.1
0.97 (13 Jul 2003)
- feature: added per-basezone statistic counters
- osirusoft2rbldnsd.pl: sample script to convert relays.osirusoft.com
bind zone into rbldnsd `combined' dataset
- bugfix: in some rare cases, dnset missed one RR for a
DN with multiple RRs. Spotted by Matthew Sullivan, SORBS.net
- bugfix: rbldnsd didn't return NS records for base DN query
if qtype=ANY. Also, SOA now will be first in reply, not last.
- optimization for `combined' dataset: try to not remove stats
(possible collected by previous loads) for subzones on reloads
(i.e. ip4set keeps approx. number of records in a set to avoid
many malloc() calls)
- new compile-time define: -DSTATS_LL, to keep statistic counters
(if not disabled with -DNOSTATS) in variables of type `unsigned
long long', not `unsigned long' - on 32-bit machines, this may
be 64-bit integers.
0.96 (29 May 2003)
- fixed alignment bug in mempool.c that caused allocation slip
- pre-compress SOA and NS records for faster access
- return NS records in AUTHORITY section of positive answers if
available and there's a room for them.
- restore broken MX record functionality. Note that MX domain names
aren't compressed anymore
- do not lowercase domain names specified in NS, SOA and MX records
0.95 (27 May 2003)
- new dataset: combined: a container for other datasets.
See manpage for details.
- reorder zones given in command line (and in combined dataset)
to move superzone after all it's subzones. The order is still
important - place most commonly referenced zones first - but
it's not a problem anymore to specify superzone first.
0.94 (26 May 2003)
- implemented -d option (dump zone data in BIND format to stdout)
- data loading warnings goes to stderr instead of stdout
- Makefile portability tweaks for Solaris
- recognize ';' as comment char in addition to '#'; also, officially
recognize comments after an entry (IP address or domain name) in
ip4set and dnset
0.93 (18 May 2003)
- reverse change made in 0.91: SOA TTL, when SOA is in AUTHORITY
section, should be from SOA's MINTTL (negative cache TTL).
0.92 (17 May 2003)
- bugfix: fixed SOA screwup introduced in 0.91
0.91 (15 May 2003)
- rotate nameserver records (simple cyclic rotation)
- understand time units - 1w = 7d = 168h = 10080m = 604800s
- allow compilation without IPv6 transport support (-DNOIPv6)
- bugfix: fixed default A RR to be 127.0.0.2, not 2.0.0.127
- added (preliminary) RPM .spec file (rpmbuild -tb to build from tarball)
0.90 (10 May 2003)
- IPv6 transport support. Specify -4 or -6 to use particular
transport, default is to use first available.
- -b (bindaddr) now does not accept port specification, only
host address. Use new option -P to specify listening port.
- acl (-a) and log filter (-L) - per-IP filters - are gone
for now, as I should figure out how to do that with IPv6.
0.89p4 (8 May 2003)
- since bind9 returns NXDOMAIN for b.example.com even if a.b.example.com
exists, all the NXDOMAIN elimination code has been removed. So much
useless work. Now rbldnsd is small again.
0.89p3 (8 May 2003)
Incompatible changes:
- ip4vset and dnvset are gone. A trivial idea allowed me to merge
functionality into ip4set and dnset.
This means, in particular, that default A/TXT values may be specified
at any place in data files, and applies to all subsequent records up
to end of file (defaults gets reset at file boundary), and negative
(exclusion) entries works - all in uniform way.
- $NS special in every dataset instead of NS record in generic dataset.
Up to 20 per zone may be specified. Rbldnsd still does not add NS RRs
into normal answers, and perhaps will never do; also it never fills up
ADDITIONAL section (e.g. with NS A RRs).
- rbldnsd will now refuse ANY, SOA and NS queries for zone's base DN if
SOA and/or NS records (as specials) aren't specified.
- Support for NS and SOA record types removed from generic dataset. Use
dataset specials ($SOA and $NS) for this.
- $SOA and $NS specials requires TTL as a first word, so SOA become
8-field instead of 7-field, and NS become 2-field instead of one-field.
Changes:
- Allow to specify TTL per dataset (as $TTL special), and for every record
in generic dataset (optional field before record type)
- substitution variables $0,$1,$2...$9 implemented for TXT templates,
so it is now possible to use less space and less typing. I don't know
whenever this is useful or not.
0.89p2 (6 May 2003)
Incompatible changes:
- rbldnsd now substitutes listed DN in TXT template, instead of query DN,
e.g. if some.spammer.example.com is queried, and *.spammer.example.com
listed, `spammer.example.com' will be used for $ substitution. For
domain-based lists (dn[v]set) only, IP-based always substitutes an IP.
- for name-based lists, empty domain names disallowed.
Changes:
- completed NXDOMAIN vs subdomains handling for domain-based lists
(generic, dn[v]set). Rbldnsd now very close to BIND behaviour with
all it's dataset types.
- correctly handle zero bytes in DN names ewerywhere. Before, rbldnsd
was incorrect in this area.
- allow logging to be done to FIFO (ignore SIGPIPE and open with NODELAY)
- control whenever logging is buffered or not (place `+' in front of
logfile (-l option) to make it non-buffered)
- log (-l) creation errors are now logged to syslog as warnings
- -q option - quick/quiet start, load zones after backgrounding
(so load errors are not fatal)
- as usual, some more code cleanups etc all over the place.
0.89p1 (4 May 2003)
many changes. "Expirience" release...
Incompatible changes:
- generic zone does not understand SOA records anymore - SOA now may be
specified in every zone data file as $SOA.
- rbldnsd now matches BIND's runtime behaviour as close as possible. In
particular, rbldnsd now replies to any query type (except of AXFR and
the like), giving positive reply if requested name exists. Also, it now
will reply to queries like 0.0.127.bl.example.com (note partial IP)
positively with zero answers (certainly, such domain does exists if
e.g. 127.0.0.2 is listed). Additionally, rbldnsd now inserts SOA
record (if available) to every answer that contains no answer section
(this way, it is possible to specify negative caching ttl for example).
- order of zones in command line is now important again. Rbldnsd will
stop searching at first matching zone found, so if a superzone specified
before some of it's subzone, subzone will never be consulted. This may
change again in the future.
Changes:
- much improved manual page, including new "bugs" section and usage of
proper (I hope) terms (in particular, "zone" changed to "dataset" where
appropriate)
- default values for ip4vset and dnvset may be specified in any line of
data file, and applies to all subsequent entries
- major code cleanups and some redesigns, to follow BIND's behaviour
- generic dataset may now handle MX records too.
- proper domain name compression implemented (SOA, NS, MX values)
- SOA serial value may be set to be dataset's modification timestamp
(just specify serial to be 0 and rbldnsd will set it automatically)
0.84 (not released):
- return positive result with zero records to AAAA, PTR and CNAME
queries. Hack for now, but this way rbldnsd may finally be used
together with sendmail and bind...
- rewrote query parsing routine to be much more accurate and a bit faster.
0.83 (released 2003-04-19)
- critical security fix in query parsing code - that check was
here initially, in version 0.1, but was removed when I optimized
that code. Ugh!..
- portability: 4.4 FreeBSD does not have mallinfo() and stdint.h
(use appropriate -Ddefines, Makefile)
- access control and filtering logging by IP
- inlined qsort routine, speed up loading significantly.
- removed some cruft from the code
0.82 (released 2003-04-05)
- recognize another variation of IP address range, for easy use:
127.0.0.1-2 is now treated as 127.0.0.1-127.0.0.2
127.0-200 is now treated as 127.0.0.0-127.200.255.255
- debianized
0.81 (released 2003-04-03)
- rbldnsd now recognizes IP address ranges in additional to
IP prefixes and CIDR ranges, e.g. 127.0.0.2-127.0.1.5 now
works with ip4[v]set zonetypes (range is inclusive). May
be disabled at compile time by adding -DNOIP4RANGES to
$(DEFS).
- new option, -e, to enable usage of "non-conforming" CIDR
ranges, where prefix does not fit within given netmask.
- -v option is gone, new option -l to specify a logfile
(it was a bad idea to log every request via syslog).
- when constructing a dataset from several files, A and
TXT records are now taken from _first_ file for ip4set
and dnset (ignoring those in other files), and for
ip4vset and dnvset, defaults are in effect for a single
file only.
- implemented removal of duplicate entries on zone data
reloads. May be disabled at compile time by adding
-DNOREMOVEDUPS to $(DEFS).
- various code cleanups
0.80 (released 2003-04-02)
Incompatible changes:
- command-line zone syntax has changed. Consult the manpage
for examples. Basically, instead of
type:file-zone-name
rbldnsd now expects
zone-name:type:file-name
thus eliminating requiriment that zone name should be in
file named after zone. Also, a LIST (comma-separated) of
filenames may be specified instead of a single file. Note
that all 3 fields are required. Resulting command line
may look somewhat ugly (and it may be long), but the effect
is much improved flexibility.
- logging has changed. Data set may be reused for several
zones, so "zone xxx loaded" message is now replaced by
"dataset loaded", without any reference to zone(s) which
uses that data set.
- rbldnsd will abort it's startup if it will encounter any
error during initial zone loading (missing file, out of
memory etc). After initialization, all errors are not
fatal, but partially loaded zones will NOT be serviced
(rbldnsd will return REFUSED in this case, as if it does
not service this zone at all). If, on subsequent reload,
problematic zone will be back available, it will be included
in servicing list automatically.
Other changes:
- rbldnsd now recognizes and answers to NS and SOA records.
For this to work, one need to specify such records, and
for this, new data type was introduced, named `generic'
(simplified bind-style format, see manpage for more info).
If no `generic' type dataset is specified for a domain,
rbldnsd will refuse NS and SOA queries as before.
- due to changed command line format, it is now possible to
construct one zone from several data sets (by repeating
the same zone name with different data sets), and to
construct one data set from several files (of the same
type). Either way and any combinations works (see NOTES
section in the manpage for examples).
- logging of queries is implemented. Give -v option to turn
it on, but expect large amount of data to be logged on a
busy site (every query will be logged via syslog). This
feature is mainly for debugging purposes, and later may
be replaced with more advanced logging to a file.
0.74 (newer released)
Incompatible changes over 0.73:
- In ip4vset and most notable in dnvset types, it is now possible
to specify exclusion of an entry (useful to specify large block
and exclude a single entry from it). This is done by prefixing
an entry with an exclamation sign (!). So, exclamation sign at
start of line is now treated specially (it wasn't valid for
ip4vset, but it was treated as a part of domain name in dnvset).
- If no TXT record is available for an entry, rbldnsd will now not
return NXDOMAIN but will return zero-entry successeful answer.
This is how BIND works. Something like "valid name but now data
of requested type".
Other changes in 0.74:
- reorganized storage for TXT records, to speed up loading of zones
with non-repeatable TXT values. With this change, relays.osirusoft
zones now requires somewhat more memory (since no hard work for TXT
duplication elimination is now taking place), but overall case (where
TXTs aren't repeated frequently) is now much faster, in particular,
Wirehub's permblockIP.txt now loads in an acceptable time. Rbldnsd
still recognizes and packs adjanced duplicates. Worst case will be
with randomized osirusoft data (it has very many dups, but most are
adjanced to each other).
- reviewed logging, should be ok for buffer-overflow things.
Also, prevent log flooding in case input file contains many
errors (only first 5 is logged)