Changes in RELEASE_1_6 from RELEASE_1_5 - rdomain support in OpenBSD - fudgesize in forwarding mode for setting higher FUDGE value - ntphack in main daemon for allowing *.ntp.org through - setproctitle setting of an identifier for identifying a delphinusdnsd in systems that have multiple delphinusdnsd running Changes in RELEASE_1_5 from RELEASE_1_4 - implement a double-signature rollover method - allow ZSK and KSK keys to be created without signing - switch default algorithm to alg 13 (elliptic curve) instead of alg 8 (RSA) - not specifying a tsigkey in rzone should now imply NOKEY - multiple RRSIG's are now working without bugs - fixed the random time restart algorithm to restart at only 1 desired time which increases the odds that replicants won't do it at the same time. - ANY replies have the option now to be forced to TCP only with the tcp-on-any-only option. - conform to RFC 2181 section 5.2, but keep exception for RRSIG per RFC 4034 - added a "cortex" process for IPC between the processes - added a forwarding mode (with cache) - changed the config file version from 9 back to 1 - changed how a question gets parsed (build_question()), hopeing to get more security out of this - in dddctl query allow a class to be specified (-c) - added RP, HINFO and CAA RR support in all areas except dddctl query - add a SOA constraint on rzone's to constrain SOA refresh/retry/expire values by default these are 60/60/60 - terminology changes blacklist->blocklist, whitelist->passlist, anything_slave() to anything_ddd(), to keep with the times - made the 3G database truly RW (before there was some memcpy'ing going on that corrupted pointers making the databse RO). - added extra security measure to prevent DNS poisoning by AXFR - added a bytelimit to how much one can AXFR from a remote site. Unfortunately this won't prevent a disk to fill up in most circumstances, but may give an operator more time to notice what's going on. It surely will prevent memory exhaustion if used carefully. - improve on the speed of AXFR's for very large databases (tested on 1.4 million AAAA records, 2 seconds vs. 120 seconds). - do not reply AA on BADVERS - add a setable max-udp-payload option for the options section. [2019] Changes in RELEASE_1_4 from RELEASE_1_3 - dddctl can now count records in configtest - dddctl can axfr zones, and query other dns data - the database has been replaced with the 3G DB (3rd generation internal db) - fixed logic leading up to DNSSEC NODATA ENT replies - FreeLogic from Russia, offered an unalignment fix affecting rrlimit - TSIG AXFR's and other TSIG support is now workin - increased TXT's size from 255 to 1024 (for DKIM) - TCP now doesn't block upon connect, it will close connections at 64 limit - refactored the axfr with finer grained control with the mzone keyword - added algorithm 13 in dddctl, for signing elliptic curves and conforming to RFC 8624 - change the default configfile to /etc/delphinusdns/delphinusdns.conf and update documentation for this - add -X and -x argument for setting the serial automatically overriding what is in the zonefile - refused answers now tag on the question, and add on a possible EDNS0 tag, which it did not do before. - fixed referrer NS code with plain subzones incorporating some DNSSEC elements - remote logging (which was added in BETA_7) has been removed - last minute change: teach delphinusdnsd and dddctl to answer multiple TXT's per domain name. [2018] Changes in RELEASE_1_3 from RELEASE_1_2 - created a "zinclude" config, which will only allow zone files to be included and nothing else inside that. - created a manpage for dddctl - fixed a timeout issue with notify hosts, refactored code (axfr.c) - replaced dd-convert with dddctl which is a utility that can do a bit more, including dnssec key roll-over with ZSK key. - added a DNS conversion tool to convert delphinusdnsd zonefiles to BIND style. - fixed ENT's with DNSSEC (missing NSEC3 in ENT's, RFC 7129). - added regressions for the developing platform (OpenBSD) [2017] Changes in RELEASE_1_2 from RELEASE_1_1 - remove SPF support (deprecated RFC 7208 section 3.1) - add TLSA anyreply support (affects AXFR) - change BerkeleyDB to tree(3) RB_* macros (faster?) - fix EDNS compliancy: https://ednscomp.isc.org/ednscomp/5a70566c18 - fix truncation code and give empty answers with TC bit set when appropriate - fix CNAME's with DNSSEC - fix PTR's with DNSSEC - move to imsg functions with privsep for IPC messaging - OpenBSD delphinusdnsd is pledged [2016] Changes in RELEASE_1_1 from RELEASE_1_0 - dd-convert.c written to replace dd-convert.rb. It now supports TLSA RR's as an added bonus. This utility does not rely on any external (BIND) tools except for the linkage against openssl/libressl. - manpage for dd-convert - Mac OS X port has been dropped - RFC 8020 compliance with empty non-terminal names starting this release - Linux now depends on libbsd [2015] Changes in RELEASE_1_0 from BETA_9 - name change from wildcarddnsd to delphinusdnsd - fixed the long standing bug that assumed one time to live for all RRSETs in a domain name (ttl fix) - internal database has been changed in it's ABI - wildcarding is off for good (due to DNSSEC) - split-horizon for A records is gone, (may be added back one day) - EDNS fixup (RFC 2671) - DNSSEC (RFC 4033, 4034, 4035) - DNSSEC NSEC3 (RFC 5155) - TLSA RR (described in RFC 6698) - dd-convert.rb ruby zone sign tool - Linux now relies on libressl 2.2.4 library, details in the configure - some bug fixes [2014] Changes in BETA_9 from BETA_8 - we have replaced parse.c with parse.y - Linux now relies on the libressl 2.1.1 library, details in the configure - commandline options have been moved to configuration file options to coexist - options keyword in the configfile - SPF (RR 99) RFC 4408 support - fix a bug related to truncation - SSHFP (RR 44) RFC 4255 (+ RFC 6594) support - defineable ratelimit between 1 and 127 pps , see example8.conf for sample - EDNS0 (RFC 6891) get detected and replied upon - NAPTR (RFC 2915) support - Notify (RFC 1996) master-only support - underlying BerkeleyDB databases are now stored in /var/db/wdns/[pid]/* instead of /var/db/wdns, cleanup code for this was written as well. - filter and whitelist ip ranges - a wildcarddns.conf(5) manpage based on BNF similar to pf.conf(5) with reference from parse.y - we now log received bytes and sent bytes per query, log at the end of a log message. [2013] Changes in BETA_8 from BETA_7 - we have a non-forking debug mode now with verbosity flag - make W compile and run on the Raspberry Pi (great projects with this) [2013] Changes in BETA_7 from BETA_6 - remote (sys)-logging feature with HMAC message verification - change to Berkeley DB 4.6+ on BSD hosts (Linux had it already) - allow numerous copies of wildcardnsd to pre-fork (-n flag) - AXFR master code (this allows a BIND9 to work with wildcarddnsd) - fix an integer overrun in parse.c which prevented big endian hosts to make use of ANY replies and AXFR - SRV RR support - left sourceforge.net around August 14, 2012 - Mac OS X compiles now, but has not been tested with queries [2011] Changes in BETA_6 from BETA_5 - Addition of the utterly broken recursive lookup code - conf file is at version 4 now - inclusion of a "root hints" entry in some example.conf's - "ANY" RR type replies - pidfiles written to /var/run - master process which can be HUP'ed for reloading the nameserver - compress_label fix from possible overflow - DNS TTL logging fix for OpenBSD - TCP filedescriptor fix (so -> tnp->so)