ChangeLog

10 March 2020: Wouter
	- repository has version number 4.3.0.  Tag for 4.3.0rc1.

3 March 2020: Wouter
	- Fix that the retry wait does not exceed one day for zone transfers.

27 February 2020: Wouter
	- Fix warning on FreeBSD about pointer size cast.

26 February 2020: Wouter
	- Fixup fix of reuseport TCP for server close of sockets not used
	  by it.  And the unit test skips when the necessary debug output
	  is not enabled.

25 February 2020: Wouter
	- Fix event unit test, signal has to be registered with signal_add,
	  event_add not for every backend for signals.  The event_initialized
	  is not possible for every backend, so event_added variable.  The
	  agent write event fires after a timeout, instead of on event write
	  so that it does not trigger a sigpipe event when the handlers stop.
	  Timeout shorted to 0.1 second.  event_get_fd was not implemented,
	  so used ev_fd.  Debug output printfs added to see what happens.
	- Fix checkconf test for new drop-updates config option.
	- Fix errors with reuseport and TCP file descriptors, it was
	  closing them for server-1 in server-2 and server-3..

7 February 2020: Jeroen
	- Add feature to drop queries with opcode UPDATE.

6 February 2020: Jeroen
	- Support SO_BINDTODEVICE on Linux. Specify bindtodevice: yes
	  to bind sockets directly to the network interface.
	- Support SO_SETFIB on FreeBSD. Add setfib=<FIB> after an ip-address
	  option to use the specified FIB for that socket.
	- Require user to add servers=<range> after an ip-address option to
	  specify the servers that must listen on that socket.

6 February 2020: Wouter
	- Merge PR#60: Minor portability fixes from michaelforney, with
	  avoid pointer arithmetic on void* and avoid unnecessary VLA.

4 February 2020: Wouter
	- Merge PR#22: minimise-any: prefer polular and not large RRset,
	  from Daisuke Higashi.
	- Fix responses for IXFR so that the authority section is not echoed
	  in the response.

21 January 2020: Wouter
	- Fix leak in server bitset setup.

16 January 2020: Jeroen
	- Add zone resource record iterator for future zone-verification port.
	- Set FD_CLOEXEC on opened sockets.
	- Add popen3 implementation for future zone-verification port.
	- Add -r option to cutest so that a subset of tests can be run.

15 January 2020: Jeroen
	- Add feature to pin server proccesses to specific cpus.
	- Add feature to pin IP addresses to selected server processes.
	- Set process title to identify individual processes.

13 January 2020: Wouter
	- Merge pull request #59 from buddyns: add FreeBSD support
	  for conf key ip-transparent.

10 January 2020: Wouter
	- Fix unreachable code in ssl set options code.
	- Fix bad shift in assertion code analyzer complaint.

6 January 2020: Wouter
	- Fix #56: Drop sparse TSIG signing support in NSD.
	  Sign every axfr packet with TSIG, according to the latest
	  draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.

12 December 2019: Wouter
	- Note that use-systemd is not necessary and ignored in man page.

11 December 2019: Wouter
	- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
	- use-systemd is ignored in nsd.conf, when NSD is compiled with
	  libsystemd it always signals readiness, if possible.

9 December 2019: Wouter
	- Fix to define upper bounds on rr counts read from untrusted packet
	  data.
	- Try different annotation for radix_find_prefix_node not reachable.
	- Separate acl_addr_match_range functions for ip4 and ip6, to
	  please checkers.
	- Avoid unused variable warning in new match_range_v4 function.

6 December 2019: Wouter
	- Fix to define max number of EDNS records we are willing to
	  spend time on.
	- Fix size of string len and capacity type cast in udbradtree.
	- Fix to protect rrcount in tsig_find_rr from overflow.
	- Annotate radix_find_prefix_node not reachable trail code.
	- Fix to protect rrcount in packet_find_notify_serial from overflow.
	- Fix to close socket on error in create_tcp_accept_sock.
	- Fix to log on failure to chmod for socket for remote control.
	- Fix to remove unneeded if in open of socket for remote control.
	- Fix to restore input parameter on call failure in create_dirs.
	- Please checker by terminating and initialising string read
	  by remote control.
	- Fixup of random_generate negative modulo, from previous commit,
	  and return srandom when random is used if no getrandom.

5 December 2019: Wouter
	- Fix fname null check of fname in namedb_read_zonefile.
	- Fix implicit cast of size in udb_radnode_array_grow.
	- Fix ignore of return value of ssl_printf in remote.c.
	- Fix unused check of fd in parent_handle_reload_command.
	- Fix to use getrandom() for randomness, if available.
	- Attempt to fix signedness of nscount lookup in ixfr query_process.
	- Fix identical branches for ssl_print of errors in remote.c.
	- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
	- Fix to separate header and data lines in parse_zone_list_file.

3 December 2019: Wouter
	- Fix #52: do not log transient network full errors unless higher
	  verbosity is set.
	- Fix checkconf test for new error output string.
	- tag for 4.2.4rc1 release.  This became the 4.2.4 release,
	  and the master branch continues with 4.2.5 in development.

27 November 2017 Jeroen
	- Fix regressions in configparser.y

22 November 2019: Wouter
	- Fix #48: Add make distclean that removes config.h made by configure.
	  And add maintainer-clean that removes bison and flex output.

18 November 2019: Wouter
	- Detect fixed time memcmp for openssl 0.9.8 compatibility.
	- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
	- include limits.h for UINT_MAX.
	- If no recvmmsg, dont use msg_flags member, but errno for error,
	  where our fallback function left it, msg_flags also does not exist
	  on some systems.
	- Remove unused variable warning for portability.

14 November 2019: Wouter
	- Fix checkconf test with filenames that sort in the same order.
	- Tag for 4.2.3rc1.  Branch master is 4.2.4 in development.

11 November 2019: Wouter
	- Fix #44: document that remote-control is a top-level nsd.conf
	  attribute.
	- Fix compile on OSX.
	- Fix for #44: nicer top-level clause documentation.

22 October 2019: Jeroen
	- Number of different UDP handlers has been reduced to one. recvmmsg
	  and sendmmsg implementations are now used on all platforms.
	  Compatible implementations are in place for systems that lack the
	  system calls.
	- Socket options are now set in designated functions for easy reuse.
	- Socket setup has been simplified for easy reuse.
	- Configuration parser is now aware of the context in which an option
	  was specified.

21 October 2019: Wouter
	- For #21 add
	  contrib/patch_for_s6_startup_and_other_service_supervisors.diff
	  that adds support for readiness notification with READY_FD from
	  Cameron Nemo.

17 October 2019: Jeroen
	- Fix #40: Merge small fixes for confine-to-zone by Greg Bock.

15 October 2019: Jeroen
	- For #39: Merge confine-to-zone feature contributes by Greg Bock.

26 September 2019: Wouter
	- Fix #38: log address and failure reason with tls handshake errors,
	  squelches (the same as unbound) some unless high verbosity is used.
	- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
	  master dereference.

25 September 2019: Wouter
	- The nsd.conf includes are sorted ascending, for include statements
	  with a '*' from glob.

16 September 2019: Wouter
	- Fixup warnings during --disable-ipv6 compile.
	- Fixup unit test executable to run without IPv6.

4 September 2019: Wouter
	- Fix #35: excessive logging of ixfr failures, it stops the log when
	  fallback to axfr is possible. log is enabled at high verbosity.

2 September 2019: Wouter
	- For #21: pidfile "" allows to run NSD without a pidfile, for
	  startup management tools like daemontools.

28 August 2019: Wouter
	- In tests check for tls test tool availability.

19 August 2019: Wouter
	- Tag for 4.2.2 release.  Git master contains 4.2.3 in development.

13 August 2019: Wouter
	- Fix error message for out of zone data to have more information.
	- Tag for 4.2.2rc2.

12 August 2019: Wouter
	- Fix #33: Fix segfault in service of remaining streams on exit.

6 August 2019: Wouter
	- Tag for 4.2.2rc1.

5 August 2019: Wouter
	- PR #31: nsd-control: Add missing stdio header.
	- PR #32: tsig: Fix compilation without HAVE_SSL.
	- Cleanup tls context on xfrd exit.

31 July 2019: Wouter
	- Fix #29: SSHFP check NULL pointer dereference.
	- Fix #30: SSHFP check failure due to missing domain name.
	- Fix to timeval_add in minievent for remaining second in microseconds.

22 July 2019: Wouter
	- Set timeout for refetch immediately, only spread load when there
	  are retries.

19 July 2019: Wouter
	- Set no renegotiation on the SSL context to stop client
	  session renegotiation.

18 July 2019: Wouter
	- Fix #25: NSD doesn't refresh zones after extended downtime,
	  it refreshes the old zones, with a random delay of a couple of
	  seconds to spread the load.
	- Fix so that expired zones stay expired when server is down a
	  long time.

17 July 2019: Wouter
	- Fix that NSD warns for wrong length of the hash in SSHFP records.

15 July 2019: Wouter
	- PR #23: Fix typo in nsd.conf man-page.

4 July 2019: Wouter
	- Set version to 4.2.2 in development.
	- clean memory on exit of nsd-checkzone for memory debug.
	- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
	  dname_concatenate() function.  Reported by Frederic Cambus.
	  It causes the zone parser to crash on a malformed zone file,
	  with assertions enabled, an assertion catches it.
	- Fix #19: Out-of-bounds read caused by improper validation of
	  array index.  Reported by Frederic Cambus.  The zone parser
	  fails on type SIG because of mismatched definition with RRSIG.

2 July 2019: Wouter
	- Tag for 4.2.1rc1

27 June 2019: Wouter
	- Fix unit test for added options and no dot after zone updated
	  log message.
	- Fix compile without accept4.

21 June 2019: Wouter
	- Omit remaining tcp processing if the list is empty.
	- Fix output of nsd-checkconf -h.

20 June 2019: Wouter
	- Initialize event structures before event_set, to stop uninitialized
	  values from setting event library lists and assertions, that would
	  sometimes also show after event_del.
	- Added num.tls and num.tls6 stat counters.
	- PR #12: send-buffer-size, receive-buffer-size,
	  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
	- Do not use symbol from libc, instead use own replacement, if not
	  available, for accept4.
	- Fix #14, tcp connections have 1/10 to be active and have to work
	  every second, and then they get time to complete during a reload,
	  this is a process that lingers with the old version during a version
	  update.

19 June 2019: Wouter
	- Fix tls handshake event callback function mistake, reported
	  by Mykhailo Danylenko.

18 June 2019: Wouter
	- Fix #15: crash in SSL library, initialize variables for TCP access
	  when TLS is configured.

14 June 2019: Wouter
	- Fix to init event not pointer, in reassignment.

12 June 2019: Wouter
	- Fix to init event structure for reassignment.

11 June 2019: Wouter
	- NSD 4.2.0 release.  Current development is 4.2.1.
	- Fixup of RELNOTES, corrected RFC reference for 4892.
	- Fix #13: Stray dot at the end of some log entries, removes dot
	  after updated serial number in log entry.
	- Fix TLS cipher selection, the previous was redundant, prefers
	  CHACHA20-POLY1305 over AESGCM and was not as readable as it could be. 
	- Consolidate server tls context create and remote control context
	  create, with hardening for the remote control tls context too.

6 June 2019: Wouter
	- NSD 4.2.0rc1 tag.

4 June 2019: Wouter
	- Fix unit test for outgoing interface to use random port numbers for
	  the outgoing interface config.

29 May 2019: Wouter
	- Fix to guard _OPENBSD_SOURCE from redefinition.

28 May 2019: Wouter
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.

16 May 2019: Wouter
	- Fix #10: Fix memory leaks caused by duplicate rr and include
	  instructions.

6 May 2019: Wouter
	- Note CII best practices badge for NSD on the README.md.

2 May 2019: Wouter
	- Fix .gitignore for unit test generated files.
	- Fix checkconf unit test for hide-identity and tls.

1 May 2019: Wouter
	- Fix makedist.sh for use with git.
	- Nicer output on travis for clang analysis.
	- Add .gitignore file to exclude built files from version tracking.
	- Add README.md file in repository with compile instructions.
	- Fix .gitignore for dnstap files and aclocal temp.
	- Add aclocal to README.md for pkgconfig for some configure options.

25 April 2019: Wouter
	- Add tls.tpkg unit test for DNS over TLS functionality.

18 April 2019: Wouter
	- Fix to avoid buffer alloc with global buffer in tls write handler.
	- Fix to initialize event structure when accepting TCP connection.
	- Use travis for build check, initial unit test and clang analysis.
	- Disable SSLv2,3,TLSv1.0,1.1 if TLS1.2 is available in libssl.
	- Disable weak ciphers, enable CIPHER_SERVER_PREFERENCE.
	- further setup ssl ctx after the keys are loaded, for ECDH.
	- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
	  patch from Andreas Schulze.

17 April 2019: Wouter
	- Fix to share openssl init code, and perform it once.

16 April 2019: Andreas via Sara
	- Patch to add support for TCP Fast Open
	- Patch to add support for tls service on a specified tls port

16 April 2019: Wouter
	- Fix #4249: The option hide-identity: yes stops NSD from responding
	  with the hostname for chaos class queries.  Implements the RFC4829
	  security considerations.
	- Remove starttls, this signalling method was not standardized.
	- Remove TO bit, this signalling method was not standardized.
	- Remove unused first_query and tls_ok states.
	- Remove sign-compare warning in tls packet send code.
	- Fix spelling in comment and log printout.
	- Fix potential uninitialized variable.
	- Fix documentation for DNS over TLS, and set default port 853.
	- Fix to add missing comment.
	- Fix that the TLS handshake routine sets the correct event to
	  continue when done.
	- Fix that TLS renegotiation calls the read and write routines again
	  with the same parameters when the desired event has been satisfied.
	- Fix that TCP Fastopen has better error message and supports OSX.
	- Fix log for fastopen with verbosity.
	- Squelch TLS handshake failure log until verbosity 3.
	- Add per-zone statistics for TLS queries, and dnstap for TLS queries,
	  and rcode and TCflag statistics for TCP and TLS queries.

25 March 2019: Wouter
	- Print IP address when bind socket fails with error.

21 March 2019: Wouter
	- Fix spelling error in release notes.
	- Fix to delete unused zparser.default_apex member.

19 March 2019: Wouter
	- tag 4.1.27rc1.  This became 4.1.27 on 25 March 2019 and trunk has
	  4.1.28 in development.

18 March 2019: Wouter
	- Fix unit test bug013_truncate for new truncation with EDNS size,
	  it is one RR smaller for the truncated response in the test.

14 March 2019: Wouter
	- Fixed radtree_insert memory leak.
	- Fixed access recycled variable.

11 March 2019: Wouter
	- Fix #6: nsd-control-setup: Change validity time to a shorter
	  period (<2038).
	- Fix unused definition in header remote.h.
	- Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
	- Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.

18 February 2019: Wouter
	- Fix to remove unused code.

15 February 2019: Wouter
	- tentative robustness, delete stats items from list twice if needed.

14 February 2019: Wouter
	- Fix #4: setusercontext() is in libutil on NetBSD, and also
	  include login_cap.h only if it exists.
	- Fix #4215: fixup for state update for TSIG information in server
	  processes, nicer printout for tsig_print, tsig_print without
	  arguments and no leaks.
	- nicer logging for update_tsig.

1 February 2019: Wouter
	- Fix for tsig assoc_tsig command on acl with nokey elements.

29 January 2019: Wouter
	- Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
	  nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
	  and del_tsig.  These changes are gone after reload, edit the
	  config file (or a file included from it) to make changes that
	  last after restart.
	- documentation for tsig nsd-control options.

24 January 2019: Wouter
	- Deny ANY with only one RR in response, by default.  Patch from
	  Daisuke Higashi.  The deny-any statement in nsd.conf sets ANY
	  queries over UDP to be further moved to TCP as well.
	  Also no additional section processig for type ANY, reducing
	  the response size.
	- assertions for clang analysis.

10 December 2018: Wouter
	- Fix for FreeBSD port with dnstap enabled.

6 December 2018: Wouter
	- Fix to reduce region_log_stats if condition, this removes a
	  debug statement.

5 December 2018: Wouter
	- Fix #4213: disable-ipv6 and dnstap compile error.

3 December 2018: Wouter
	- Note that the content_list member is unused; and could be removed
	  if the database format is modified or updated.
	- Fix that dnstap logs CQ and CR like BIND does.
	- Revert that, it looks wrong, AQ and AR are for the authoritative.
	 
29 November 2018: Wouter
	- Tag for 4.1.26rc1. Which became 4.1.26 on 4 dec 2018.
	  Trunk has 4.1.27 in development.
	- Fix clang analysis warning on null in closest encloser for wildcard
	  denial nsec.
	- Fix clang analysis warnings.

27 November 2018: Wouter
	- Fix parsezone failure in 4194 fix.

26 November 2018: Wouter
	- Fix to not set GLOB_NOSORT so the nsd.conf include: files are
	  sorted and in a predictable order.
	- Added nsd-control changezone.  nsd-control changezone name pattern
	  allows the change of a zone pattern option without downtime for
	  the zone, in one operation.
	- Fix #3433: document that reconfig does not change per-zone stats.

20 November 2018: Wouter
	- Fix #4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails.
	  This sets the msg_hdr.msg_namelen correctly after receipt.

19 November 2018: Wouter
	- Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes
	  option in nsd.conf.
	- Fix #4202: nsd-control delzone incorrect exit code on error.
	- Tab style fix to use tab for 8 spaces, from Xiaobo Liu.

25 October 2018: Wouter
	- Adjust dnstap socket path for chroot.

22 October 2018: Wouter
	- Fix #4194: Zone file parser derailed by non-FQDN names in RHS of
	  DNSSEC RRs.
	- Fix some more, neater code and checks for domain length limit.
	- check that the dnstap socket file can be opened and exists, print
	  error if not.

4 October 2018: Wouter
	- dnstap work, the dnstap.proto is a copy of the file from Unbound,
	  also dnstap.m4 configure include file.
	- dnstap collector: free eventbase and memclean nicer.
	- dnstap collector: send data and read it in collector.
	- dnstap/dnstap.c and .h from Unbound's contribution from
	  Farsight Security, added to then adapt it for dnstap logging in NSD.
	- dnstap.c with auth query and auth response, and called from
	  the collector.
	- dnstap work, config nsd.conf parse.
	- dnstap example config.

25 September 2018: Wouter
	- NSD 4.1.25 released, trunk has 4.1.26 in development.

18 September 2018: Wouter
	- tag for NSD 4.1.25rc1.

17 September 2018: Wouter
	- Fix #4156: Fix systemd service manager state change notification

14 September 2018: Wouter
	- Remove unused if clause during server service startup.

13 September 2018: Wouter
	- Fix typo in clang analysis test.
	- Annotate exit functions with noreturn.
	- nsd-control prints neater errors for file failures.

12 September 2018: Wouter
	- clang analysis test.

11 September 2018: Wouter
	- Fix to combine the same error function into one, from Xiaobo Liu.
	- Fix initialisation in remote.c.
	- please clang analyzer and fix parse of IPSECKEY with bad gateway.
	- Fix unit test code for clang analyzer.
	- Fix nsd-checkconf fail on bad zone name.

10 September 2018: Wouter
	- Fix coding style in nsd.c

7 September 2018: Wouter
	- append_trailing_slash has one implementation and is not repeated
	  differently.

4 September 2018: Wouter
	- Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.

15 August 2018: Wouter
	- Fix use_systemd typo/leftover in remote.c.

13 August 2018: Wouter
	- tag for 4.1.24 release.
	- trunk is 4.1.25 in development.
	- Fix that nsec3 precompile deletion happens before the RRs of
	  the zone are deleted.
	- Fix printout of accepted remote control connection for unix sockets.

6 August 2018: Wouter
	- tag for 4.1.24rc1 release.

30 July 2018: Wouter
	- Tag for NSD 4.1.23 release, trunk is 4.1.24, includes
	  fix NSD time sensitive TSIG compare vulnerability.
	- Fix checkconf test for use-systemd option.

25 July 2018: Wouter
	- #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
	  chain, NSD leniently attempts to find a working NSEC3PARAM.

23 July 2018: Wouter
	- Remove socket activation from systemd code, it was reported as
	  not useful to enable.  The readiness signalling is still there,
	  and can be enabled with use-systemd: yes.
	- Only call sd_notify from systemd when use-systemd is yes.

6 July 2018: Wouter
	- RFC8162 support, for record type SMIMEA.
	- Fix that type CAA (and URI) in the zone file can contain
	  dots when not in quotes.

26 June 2018: Wouter
	- configure --enable-systemd (needs pkg-config and libsystemd) can
	  be used to then use-systemd: yes in nsd.conf and use socket
	  activation and readiness signalling with systemd.

19 June 2018: Wouter
	- #4106: Fix that stats printed from nsd-control are recast from
	  unsigned long to unsigned (remote.c).

14 June 2018: Wouter
	- Fix that first control-interface determines if TLS is used.  Warn
	  when IP address interfaces are used without TLS.

12 June 2018: Wouter
	- #4102: control interface via local socket.
	  configure it with control-interface: "/path/nsd.ctl"  The path
	  has to start with a / to separate it from an IP address.
	  The local socket does not use SSL, but unencrypted traffic, use
	  file and containing directory permissions to restrict access.

6 June 2018: Wouter
	- Patch to fix openwrt for mac os build darwin detection in configure.

4 June 2018: Wouter
	- tag for 4.1.22rc1.  Became 4.1.22 on 11 June, trunk is 4.1.23 in
	  development from this point.

31 May 2018: Wouter
	- Fix to use same condition for nsec3 hash allocation and free.

23 May 2018: Wouter
	- Use accept4 to speed up answer of TCP queries, on Linux and FreeBSD
	  and OpenBSD.

22 May 2018: Wouter
	- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.

15 May 2018: Wouter
	- Fix memory free in unit test.

14 May 2018: Wouter
	- Tag for 4.1.21 release.
	- trunk has 4.1.22 in development.
	- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
	  and allows TCP queries like normal.

7 May 2018: Wouter
	- Tag for 4.1.21rc1 release.

4 May 2018: Wouter
	- Fix #4093: Release notes not using 2018.

3 May 2018: Wouter
	- Fix buffer size warnings from compiler on filename lengths.

26 April 2018: Wouter
	- lower memory usage for tcp connections, so tcp-count can be higher.
	- Fix checkconf test for refuse-any option.

3 April 2018: Wouter
	- refuse-any nsd.conf option that refuses queries of type ANY.

5 March 2018: Wouter
	- Fix #3562: explain build error when flex missing.

20 February 2018: Wouter
	- For more clang warnings
	- Fix spelling error in xfr-inspect.

19 February 2018: Wouter
	- Fix for clang analysis complaints.

15 February 2018: Wouter
	- --enable-memclean cleans up memory for use with memory checkers,
	  eg. valgrind.
	- Fix unused variable warnings from clang analyzer.

14 February 2018: Wouter
	- updated RELNOTES for upcoming release.
	- tag 4.1.20rc1, became release on 20 feb, trunk has 4.1.21 in
	  development.

9 February 2018: Wouter
	- make depend: updated the make dependencies in the Makefile.

8 February 2018: Wouter
	- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
	  in the selectively allocated precompiled nsec3 hashes.

6 February 2018: Wouter
	- Fix memory leak in zone file read of unknown rr formatted RRs.

11 December 2017: Wouter
	- Add test for support of -Wno-address-of-packed-member for
	  --enable-packed.
	- tag for release 4.1.19
	- trunk has 4.1.20 in development.

8 December 2017: Wouter
	- tag for 4.1.19rc1

7 December 2017: Wouter
	- Fixup lexer warning for gcc 4.2.

6 December 2017: Wouter
	- Fix 3392: Fix regression in 4.1.18 for notify lists with ip4
	  and ip6 targets.

5 December 2017: Wouter
	- Fix spelling error in xfr-inspect.

1 December 2017: Wouter
	- Fix warnings emitted by clang for --enable-packed.  Alignment is not
	  a problem for x86_64, don't enable packed when the platform
	  requires aligned access.

30 November 2017: Wouter
	- tag for 4.1.18 release.
	- trunk has 4.1.19 in development.
	- ignore fallthrough compiler warning in flex EOF rule.

27 November 2017: Wouter
	- Fix crash for DS query when parent and child zones both configured
	  in nsd.conf and parent zone has not loaded properly.
	- tag for 4.1.18rc2.

16 November 2017: Wouter
	- tag for 4.1.18rc1.

14 November 2017: Wouter
	- Fix #2871: Increase number of sockets for xfrd transfers.

6 November 2017: Wouter
	- Set usage counts in namedb tree to uint32 to save memory.
	- Fix up debug content from nsec3 collision printout work.

2 November 2016: Wouter
	- make ip-transparent option work on OpenBSD.

11 October 2016: Wouter
	- Fix #1567: Change crit to err log level for gettimeofday failure.
	  Add defines for compile without syslog.

9 October 2016: Wouter
	- Fix collision printout of nsec3 to print name, hash and reverse.

2 October 2016: Wouter
	- nsd-control zonestatus prints wait time between attempts, for zones
	  that are in that waiting time.

19 September 2016: Wouter
	- merges feature branch branches/alloced_prehashes into trunk.

18 September 2016: Wouter
	- Fix #1446: A corrupted zone file "propagates" to good ones.

14 September 2016: Wouter
	- Fix layout in xfrd.c.

6 September 2017: Willem
	- Save memory by selectively allocate precompiled nsec3 hashes

29 August 2016: Wouter
	- With --enable-packed save memory, at expense of unaligned reads.
	- Fix writev compile warning on FreeBSD.

25 July 2016: Wouter
	- NSD sends up to 16 notifies simultaneously for up to 64 zones,
	  to increase rate of notification for large master configurations.

24 July 2016: Wouter
	- Fix gcc 7.1.1 warnings.

17 July 2016: Wouter
	- Trunk has 4.1.18
	- xfr-inspect is part of source dir, but not made or installed by
	  default.
	- retry timeout between sending notifies dropped from 15 to 3 sec.

13 July 2016: Wouter
	- tag 4.1.17rc1, and that became the 4.1.17 release on 21 July 2017.

29 June 2016: Wouter
	- make depend.

26 June 2016: Wouter
	- Fix text format of deletes for CDS and CDNSKEY, single 0 to represent
	  empty base64 or hex string.

23 June 2016: Wouter
	- Fix potential null pointer in nsec3 adjustment tree.

15 June 2016: Wouter
	- xfr-inspect debug tool prints out xfr contents of files in tmp.

6 June 2016: Wouter
	- Fix #1272: use writev to put tcp length field with data for outgoing
	  zone transfer requests.

16 May 2016: Wouter
	- zone parser parses type AVC (it has TXT format).

25 April 2016: Wouter
	- 4.1.16 release tag.
	- trunk contains 4.1.17 in development.

11 April 2016: Wouter
	- 4.1.16 rc1 tag for release.
	- minor manpage fix.

5 April 2016: Wouter
	- Patch for expire state in multi-master when masters includes
	  broken master.

27 March 2016: Wouter
	- Fix 1243: Option to make NSD emit really minimal responses,
	  minimal-responses: yes in nsd.conf.
	- but they give additional information for priming queries (type NS).

6 March 2016: Wouter
	- Fix 1228: OpenSSL include is not guarded with HAVE_SSL

28 February 2016: Wouter
	- Printout serial error with hint it may be too big.

20 February 2016: Wouter
	- Fix missing _t to _type conversion for disable-radix-tree option.

15 February 2016: Wouter
	- zone parser can parse acronyms for algorithms ED25519 and ED448.

13 February 2016: Wouter
	- Calculate new udb index after growing the array, fix from
	  Chaofeng Liu.

7 February 2016: Wouter
	- tag for 4.1.15 rc1.  Which became 4.1.15 on 16 Feb.  Trunk 4.1.16.

19 January 2016: Wouter
	- Fix to rename _t typedefs because POSIX reserves them.

3 January 2016: Wouter
	- Fix #1195: Fix so that NSD fails on non-compliant values for Serial.

14 December 2016: Wouter
	- Squelch zone transfer error address family not supported by protocol
	  at low verbosity levels.

13 December 2016: Wouter
	- Fix nsd-control and ipv6 only.

8 December 2016: Wouter
	- tag 4.1.14
	- trunk contains 4.1.15 in development.

1 December 2016: Wouter
	- Fix restart of zone transfers when new config becomes available.
	- tag 4.1.14rc1

25 October 2016: Wouter
	- Fix #1132 for SERVFAIL zones perform backoff, and remembers the
	  timeout on next startup.
	- Save backoff timeout into xfrd.state file, this file has a higher
	  version number now.  Old files are skipped silently (causes
	  refresh) and created as new files upon exit.
	- Set number of rounds to 1; NSD will try every master once, then
	  wait for timeout or notify.
	- Fix axfr fallback for rounds to 1.

20 October 2016: Wouter
	- suppress compile warning in lex files.

18 October 2016: Wouter
	- Robust fix against missing master in tcp_open for xfrd.
	- More in depth fix for the previous.
	- Fix wildcards in include: config statements with chroot enabled.

27 September 2016: Wouter
	- NSD 4.1.13 tag.
	- trunk has 4.1.14 in development.
	- Fix null memcpy for radixtree with single link element.

19 September 2016: Wouter
	- Review comments Ralph: wrapped long lines and nicer example conf.

16 September 2016: Wouter
	- NSD 4.1.13rc1 tag.

15 September 2016: Wouter
	- Test for openssl init_crypto and init_ssl functions.

14 September 2016: Ralph
	- Fix OPENSSL_INIT_ADD_ALL_DIGESTS compatibility check

13 September 2016: Wouter
	- Fix double const in dname_const() function.
	- Silenced flex-generated sign-unsigned warning print with gcc
	  diagnostic pragma.

8 September 2016: Wouter
	- more extensible edns option handling.

2 September 2016: Wouter
	- Release of 4.1.12; trunk is 4.1.13 and the patch for 4.1.12 (that
	  does not contain the other changes to the trunk) is folded into
	  the trunk.
	- Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.

25 August 2016: Wouter
	- Fix multimaster for not tried full zone transfer for a expired zone.
	- Explain --disable-radix tree uses some more CPU.

22 August 2016: Wouter
	- Fix README spelling error of BSD license (reported by Joerg Jung).

19 August 2016: Wouter
	- for type SRV add A/AAAA to the additional section (if possible),
	  just like we already do for type MX.

17 August 2016: Wouter
	- Add robustness against unallocated data in nsec3 trees.

16 August 2016: Wouter
	- configure --disable-radix-tree for about 15% lower memory usage.

12 August 2016: Wouter
	- Fix #817: xfrd update failed loop.

9 August 2016: Wouter
	- Can config key algorithms with the digest name, eg. 'sha256'.
	- default tsig algorithm is sha256.
	- Fix typo in log output, 'transfered' -> 'transferred'.
	- Fix compile warnings about signcompare in minmax retrytime.

8 August 2016: Wouter
	- Support syntax of RR type OPENPGPKEY from RFC 7929.

5 August 2016: Wouter
	- multi-master-check: yes can be used to check all masters for the
	  last version, using the higher version from the configured masters,
	  from Manabu Sonoda.
	- small fixups on patch.  And fix spacing and remove configure flag.
	- Fix #812: make depend fails after distribution.

2 August 2016: Wouter
	- Fix unused result warnings from write and strtol.

1 August 2016: Wouter
	- Tag 4.1.11rc1.
	- Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
	- Tag 4.1.11rc2.
	- trunk is 4.1.12 in development.

8 July 2016: Wouter
	- Note down tracking numbers for issue JVN#63359718 JPCERT#91251865.

5 July 2016: Wouter
	- Fix #790: size-limit-xfr can stop NSD from downloading infinite zone
	  transfer data size, from Toshifumi Sakaguchi.

27 June 2016: Wouter
	- Set default for min-refresh-time and min-retry-time to 0.  Behaves
	  just like before, but has a configurable option in nsd.conf.
	- Fix #783: Trying to run a root server without having configured it
	  silently gives wrong answers.

16 June 2016: Wouter
	- When tcp is more than half full, use short timeout for tcp session.
	- Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
	- man page entries for max-refresh-time patch.

15 June 2016: Wouter
	- Fix build without IPv6, patch from Zdenek Kaspar.

14 June 2016: Wouter
	- release 4.1.10 and tag for that.
	- trunk has 4.1.11 in development.

7 June 2016: Wouter
	- Fix NSEC3 ent fix to use closest encloser, not wildcard denial.

2 June 2016: Wouter
	- Fix for NSEC3 with zone signed without exact match for empty
	  nonterminals, the answer for that domain gets wildcard denial.
	- #772 Document that recvmmsg has IPv6 problems on some linux kernels.
	- tag for 4.1.10rc1.

31 May 2016: Wouter
	- print notice that nsd is starting before taking off.

20 May 2016: Wouter
	- Updated fix for nonterminal nsec3 answers.

19 May 2016: Wouter
	- Fix empty nonterminal nsec3 cover answers.

12 May 2016: Wouter
	- NSD includes AAAA before A for queries over IPV6 (in delegations).
	  And TC is set if no glue can be provided with a delegation because
	  of packet size.

19 April 2016: Wouter
	- Fix #755: NSD spins after a zone update and a lot of TCP queries.

7 April 2016: Wouter
	- If set without nsd.db print "" as the default in the man pages.

4 April 2016: Wouter
	- Fix #751: NSD fails to occlude names below a DNAME.

24 March 2016: Wouter
	- Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.

21 March 2016: Wouter
	- Update acx_nlnetlabs.m4 to version 33 with HMAC_Update test.
	- acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto.

15 March 2016: Wouter
	- ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option
	  for Linux, binds to interfaces and addresses that are down.
	- Change the nsd.db file version because of nanosecond precision fix.
	- 4.1.9 release with the nsd.db file version fix (but not freebind),
	  trunk contains 4.1.10 in development.

10 March 2016: Wouter
	- Tag 4.1.8
	- Trunk contains 4.1.9 in development.

2 March 2016: Wouter
	- Tag 4.1.8rc1

1 March 2016: Wouter
	- #744: Fix that NSD replies for configured but unloaded zone
	  with SERVFAIL, not REFUSED.

16 February 2016: Wouter
	- RR type CSYNC (RFC7477) syntax is supported.

29 January 2016: Wouter
	- #739: zonefile changes when mtime is small are detected on reload,
	  if filesystem supports precision mtime values.

19 January 2016: Wouter
	- Fix #736: segfault during zone transfer.

08 January 2016: Wouter
	- Define _DEFAULT_SOURCE with _BSD_SOURCE for recent Linuxes.

05 January 2016: Wouter
	- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
	  from Daisuke Higashi.

04 January 2016: Wouter
	- Updated acx_nlnetlabs to version 32.

11 December 2015: Wouter
	- Fix flto check for OSX clang.

10 December 2015: Wouter
	- 4.1.7 release
	- trunk has 4.1.8 in development.
	- take advantage of arc4random_uniform if available, patch from
	  Loganaden Velvindron.

3 December 2015: Wouter
	- tag for 4.1.7rc1 prerelease.

2 December 2015: Wouter
	- configure --enable-ratelimit-default-is-off with --enable-ratelimit
	  to set the default ratelimit to disabled but available in nsd.conf.
	- Document that ratelimit qps and slip are updated in reconfig.
	- version: "string" option to set chaos version query reply string.
	- Fix up defaults in manpage.

1 December 2015: Wouter
	- Explain rrl-slip better in documentation.

30 November 2015: Wouter
	- Fix TCP responses when REUSEPORT is in use by turning it off.
	- reuseport: no is the default, because the feature is not troublefree.
	- Document default in manpage for rrl-slip, ip4 and 6 prefixlength.

24 November 2015: Wouter
	- Fix zonec ttl mismatch printout to include more information.

18 November 2015: Wouter
	- RELNOTES more descriptive.
	- newer acx_nlnetlabs.m4.
	- spelling fixes from Igor Sobrado Delgado.

17 November 2015: Wouter
	- Fix #721: Fix wrong error code (FORMERR) returned for unknown
	  opcode.  NOTIMP expected.

16 November 2015: Wouter
	- Allocate less memory for TSIG digest.

6 November 2015: Wouter
	- Fixup for newer acx_nlnetlabs.m4, test for openssl version after
	  testing for libdl need.

5 November 2015: Wouter
	- newer acx_nlnetlabs.m4, does not needlessly link with -ldl.

30 October 2015: Wouter
	- Fix tpkg tests for portability.

29 October 2015: Wouter
	- patch from Doug Hogan for SSL_OP_NO_SSLvx options.
	- updated contrib/nsd.spec, from Bálint Szigeti.
	- support configure --with-dbfile="" for nodb mode by default, where
	  there is no binary database, but nsd reads and writes zonefiles.

27 October 2015: Wouter
	- portability fixes.

26 October 2015: Wouter
	- Init pfd for handlers added during handler-event-walk.

23 October 2015: Wouter
	- Fix many interfaces and zones updates from nsd parent event loop.

22 October 2015: Wouter
	- 4.1.6 release tag.
	- trunk contain 4.1.7 in development.

20 October 2015: Wouter
	- 4.1.6rc2 tag created.

19 October 2015: Wouter
	- Fix compile of zonec error message on FreeBSD.

15 October 2015: Wouter
	- 4.1.6rc1 tag created.

13 October 2015: Wouter
	- nsd-checkconf warns for master zones with no zonefile statement.
	- Fix start failure when many file descriptors are in use.
	- The servfail rcode is not printed with a space in the middle.
	- fixup file descriptor fixup nicer.
	- print failed token for config syntax error or parse error.

12 October 2015: Wouter
	- Fix #711: Document that debug-mode yes is used for staying
	  attached to the supervisor console.
	- Document verbosity 3 prints more information.

30 September 2015: Wouter
	- makedist.sh print on pgp signature creation.

28 September 2015: Wouter
	- Fix typo in zonec.c inside error message.

24 September 2015: Wouter
	- Fix #701: Fix that AD=1 set in a BADVERS response.

21 September 2015: Wouter
	- Fix #706: default port 53 not opened on ip4 because of getaddrinfo
	  hints initialisation failure.
	- 4.1.5 release tag
	- trunk contains 4.1.6 in development.

9 September 2015: Wouter
	- 4.1.4 release tag created.
	- trunk contains 4.1.5 in development.

31 August 2015: Wouter
	- 4.1.4rc1 tag created.

28 August 2015: Wouter
	- Fix #698 formatting errors and typos in nsd.8.in.
	- Add --enable-pie and --enable-relro-now options.

18 August 2015: Wouter
	- Admitted axfrs are logged at verbosity 1.  Refused at verbosity 2.

17 August 2015: Wouter
	- Fixed checkconf test for reuseport setting.

14 August 2015: Wouter
	- SO_REUSEPORT does not work on FreeBSD.  Enabled by default on Linux,
	  not enabled by default on other OSes.

5 August 2015: Wouter
	- Fix that notify from nsd-control contains soa serial.

3 August 2015: Wouter
	- squelch SO_REUSEPORT failure on verbosity less than 3.

31 July 2015: Wouter
	- removed hardcoded interface limit, --with-max-ips removed.
	- SO_REUSEPORT support.

16 July 2015: Wouter
	- Fix #618: documented need to list ip-addresses separately in
	  nsd.conf if there are multiple, because the source address of
	  replies can otherwise go wrong.

10 July 2015: Wouter
	- Fix that for expired zones NSD performs an AXFR and accepts newer
	  and older serial numbers.
	- Document that minimal responses only minimizes responses to fit
	  in one datagram.  It does not minimize smaller responses.

2 July 2015: Wouter
	- Fix NSID response for short edns sizes.

23 June 2015: Wouter
	- Trunk contains 4.1.4 in development.

4 June 2015: Wouter
	- Tag 4.1.3rc1
	- improve nsd-control usage text. (23 june - added to 4.1.3)
	- RFC7553 RR Type URI support.

2 June 2015: Wouter
	- Fix redefined macro lex warning for freebsd flex.

29 May 2015: Wouter
	- Fix that formerrors are ratelimited.

19 May 2015: Wouter
	- max-interfaces raised to 32.

18 May 2015: Wouter
	- removed unused defines for unofficial tsig-hmac algorithm codes.
	  The TSIG algorithm is identified by name in the config file.

14 May 2015: Wouter
	- hmac sha224, sha384 and sha512 support, patch from David Gwynne.

23 April 2015: Wouter
	- Fix crash in zone parser for relative dname after error in origin.
	- Test for zone parser failures

21 April 2015: Wouter
	- nsd-control addzones and delzones read list of zones from stdin.
	- Fix task and zonestat files to be stored in a subdirectory in tmp
	  to stop privilege elevation.
	- printout names for successful addition and removal with bulk command.

20 April 2015: Wouter
	- Fix #665: when removing subdomain, nsd does not reparse parent zone.

14 April 2015: Wouter
	- trunk contains 4.1.3(upcoming).

7 April 2015: Wouter
	- Tag 4.1.2rc2.

2 April 2015: Wouter
	- Made log message more consistent, changed 'axfr refused' log message
	  to be more consistent with other messages.  Also notify refused.
	- verbosity 2 logs axfr refused and notify refused.
	  verbosity 1 contains less log messages.

31 March 2015: Wouter
	- Tag 4.1.2rc1.

24 March 2015: Wouter
	- Fix #654: Fix contradiction in notify logging verbosity level.
	- Incoming notifies have serial number logged (at verbosity 1).
	- Fix #655: Fix contradiction in verbosity for zone transfers.

17 March 2015: Wouter
	- Use reallocarray for integer overflow protection, patch submitted
	  by Loganaden Velvindron.
	- Fix allocation integer overflow checks.

13 March 2015: Wouter
	- Fix buffer overflow in config parse of domain name,
	  reported by John Van de Meulebrouck Brendgard.

12 March 2015: Wouter
	- Updated default keylength in nsd-control-setup to 3k.

10 March 2015: Wouter
	- Fix use after free after zonefile syntax error followed by ttl
	  or origin directive, reported by John Van de Meulebrouck Brendgard.
	- Fix syntax error followed by too many TXT elements parse crash
	  reported by John Van de Meulebrouck Brendgard.

9 March 2015: Wouter
	- Fix origin directive from unused old value and subdomain parser
	  failure, reported by John Van de Meulebrouck Brendgard.

2 March 2015: Wouter
	- Fix b64pton out of bounds error on invalid zonefile input
	  reported by John Van de Meulebrouck Brendgard.

20 February 2015: Wouter
	- Fix segfault on double origin in zone reader (thanks John Van de
	  Meulebrouck Brendgard).

19 February 2015: Wouter
	- Remove dead code domain_table_iterate.
	- Fix segfault in zone reader on invalid input
	  reported by John Van de Meulebrouck Brendgard.

5 February 2015: Wouter
	- Fix #642: Change 'zone read with no errors' to '.. with success'.
	  Patch from Benedikt Heine.

3 February 2015: Wouter
	- Tag 4.1.1 release
	- Trunk is 4.1.2 in development.
	- Remove some duplicate header includes (from Brad Smith).
	- Fix tcp waiting list for zone transfers where the bind and connect
	  calls fail.

29 January 2015: Wouter
	- Fix zonesdir chroot error message.

28 January 2015: Wouter
	- correct some hyphen-used-as-minus-sign (from Andreas Schulze) in
	  man pages.

27 January 2015: Wouter
	- Tag 4.1.1rc1

21 January 2015: Wouter
	- Synthesize CNAMEs with same TTL as DNAME.

12 January 2015: Wouter
	- Fix casts for ctype functions (from Todd Miller).
	- nsd-checkconf -f prints out full name of pidfile (with dir).

9 January 2015: Wouter
	- Fix bug#637: fix that nsd.db grows limitlessly, an off by one
	  on one megabyte free chunks, created during AXFRs of large zones,
	  that caused the one megabyte chunk to be leaked.
	- Fix udb-inspect for one megabyte chunks, counts and statistics.

6 January 2015: Wouter
	- Fix spinning NSD with lots of failing transfers, due to pointer
	  comparison using void pointer subtraction (from Otto Moerbeek).

5 January 2015: Wouter
	- Patch nsd_munin_ from Philip Paeps to use type ABSOLUTE.

4 Nov 2014: Wouter
	- Document zonestat config, and nsd-checkconf access.

3 Nov 2014: Wouter
	- Fix that failure to add tcp to tcp base does not leak the socket.

27 Oct 2014: Wouter
	- Disabled use of SSLv3 in nsd-control.
	- zonestats are cleared (or not, with stats_noreset).

22 Oct 2014: Wouter
	- Test for wildcard fix (from 3.2).

16 Oct 2014: Wouter
	- Fixes for wildcard addition and deletion, speedup for some cases.

15 Oct 2014: Wouter
	- Fix that queries for noname CH TXT are REFUSED instead of nodata.

14 Oct 2014: Wouter
	- per zone statistics with --enable-zone-stats, configure with
	  zonestats: "zonestatidentifier", zones with the same id are added.

10 Oct 2014: Wouter
	- Fix #616: retry xfer for zones with no content after command.
	- Fix char used as array index warnings on NetBSD.

8 Oct 2014: Wouter
	- Fix "xfrd_handle_ipc: bad mode" log errors when compiled 
	  with --disable-bind8-stats.

18 Sep 2014: Wouter
	- Fix that expired zones stay expired after a server restart.

15 Sep 2014: Wouter
	- RFC 7344: CDS and CDNSKEY (read in).

4 Sep 2014: Wouter
	- Tag 4.1.0.
	- trunk is 4.1.1 in development.
	- fix manpage for nsd-checkzone to have version and date.

29 Aug 2014: Wouter
	- Fix install of the nsd-checkconf man page.

28 Aug 2014: Wouter
	- Tag 4.1.0rc1

25 Aug 2014: Wouter
	- Increased default --with-max-ips from 8 to 16, this increases the
	  number of interfaces you can specify in nsd.conf to listen to.

19 Aug 2014: Wouter
	- Remove .LP after .SH in man pages.

7 Aug 2014: Wouter
	- Fix for process swap of main and reload, reload failure from the
	  pipe is acted on, and reload fail not cause nsd to shutdown, also
	  ignore sigchlds from the servermain in reload, that would cause
	  EINTR to break file reads.
	- trunk has version 4.1.

5 Aug 2014: Wouter
	- Fix #600: document that provide-xfr provides AXFR and not IXFR.
	- remove program group fix, because it is not needed.
	- Fix rising-load-average or memory-leaks in OSes (Linux since 2.6),
	  that keep track of all past process parents, or leak memory
	  for them.  Fix makes it so there is no very deep string of
	  process parents.
	  The reload process is now the process parent of servermain.  That
	  makes signals for children arrive at the reload, and servermain
	  has to use closed pipes to detect that children have exited.

1 Aug 2014: Wouter
	- Set program group on main process and its child processes, and
	  kill them on a reload.

20 July 2014: Wouter
	- Fix endian.h include for OpenBSD.

15 July 2014: Wouter
	- Fix -O3 compile flag to -O2 to avoid miscompilations.
	- Allow user to override the -g -O2 CFLAGS in ./configure.

11 July 2014: Wouter
	- fix strptime implicit declaration error on OpenBSD.

9 July 2014: Wouter
	- removed unnecessary arc4random_uniform.

8 July 2014: Matthijs
	- fake-rfc2553 patch (thanks Benjamin Baier).

8 July 2014: Wouter
	- wait and reap processes that are not part of the process group.

7 July 2014: Wouter
	- Code review fixup from NSD3.

30 Jun 2014: Wouter
	- Fix #590: rrl log does not print wildcard as a star but escaped.
	- Fix #591: rrl log messages at verbosity level 1.
	  (If that does not work for everyone, we need rrl-log: yesno option).

27 Jun 2014: Wouter
	- Fixup rr-test test so that it does not fail on the #553 string.

17 Jun 2014: Matthijs
	- Fix #587: Default value for statistics is 0.
	- Remove the shift-reduce conflicts from the bug#553 fix.

5 Jun 2014: Wouter
	- Fix roundrobin cornercase for truncated packets.
	- round-robin: yesno in nsd.conf enabled round robin rotation.

28 May 2014: Wouter
	- Fix #585: yylex_destroy missing, cannot compile on RHEL 5.x.
	- Fix #583: Round-robin for records in the Answer section.

22 May 2014: Wouter
	- Fix zonefile parse with no whitespace before semicolon comments.

16 May 2014: Wouter
	- xfrd reaps children on a timer as well, similar to server_parent.

8 May 2014: Wouter
	- Fix #564: nsd-checkzone tool to check zonefile correctness.

7 May 2014: Wouter
	- Fix #577: makefile incorrectly installed manpages from srcdir.

30 April 2014: Wouter
	- Fix that xfrd reaps all children on every eventloop, because some
	  exited reloads may attach here and need reaping, also if the signal
	  is lost.

23 April 2014: Wouter
	- Fix progress printout for very large zones (numeric overflow).

10 April 2014: Wouter
	- Fix write_socket return value check in server.c (Thanks Brad Smith,
	  Mark Kettenis).

8 April 2014: Wouter
	- nsd-control addzone reports if zone already exists.

7 April 2014: Wouter
	- Fix #571: unused variable and incompatible pointer warnings when
	  compiled on a system without INET6.

27 March 2014: Wouter
	- Fix delete or rename of a lot of zones and make it take a
	  non-enormous time.  Database compaction is deferred.
	- Speed up deletion of zone contents a lot, (56s to 1s), speeds up
	  delete, rename and AXFR for zones.  Defer emptynonterminal checks.
	- Better example config in nsd.conf manual page.
	- log-time-ascii option, default yes, with readable timestamp in log.

25 March 2014: Wouter
	- nsd shuts down during init process if given signal.
	- shorter logging for zone transfer fail rcodes.

24 March 2014: Wouter
	- include: "foo/nsd.d/*.conf" works, wildcard glob on includes.
	- Fix print filename of encompassing config file on read failure.

21 March 2014: Wouter
	- Fix bug in nodatabase mode with ixfrs that change nsec3param
	  (Thanks Anand Buddhdev).
	- Changed maxbackoff for no-content secondary zones from 4h to 24h.
	- nocontent zones are checked on startup, but continue backoff
	  from stored xfrd.state values.

19 March 2014: Wouter
	- made database: "" set the 3600 default for zonefileswrite only
	  if it is also at its default, so that user settings override.
	- Unit test for zonefiles-write.
	- Write xfrd.state for nodb mode again.  Disable xfrd.state with
	  xfrdfile: "" in config.  Does not check slave zone if state is
	  same as last time on startup.
	- Fixed shutdown message sporadically not printed on exit.
	- Documented zonefile %s syntax in nsd.conf man page.
	- Fix manpage to put colon after zonefiles check and write.
	- Change from 'Zone" to "zone" with ".. serial .. is updated" log
	  message.

18 March 2014: Wouter
	- unit test for nodb mode.
	- Speed up zone write (.nl zonefile 30% faster).
	  The memory alloc-dealloc in print_rr has been moved to print_rrs.
	- (from 3.2), fix for #553 and for other TXT string syntax.
	- in nodb mode, xfrd.state is not written out, because the zones
	  are refreshed upon next startup anyway, so keeping timers and state
	  is unnecessary.
	- zonefiles-write option in nsd.conf, enabled when database is "".
	  The server writes changed zonefiles to disk every hour.

17 March 2014: Wouter
	- Speed up zone parsing (.nl reads 40% faster).
	  The rrtype_from_string routine is called often, optimised it.

14 March 2014: Wouter
	- tag 4.0.3
	- trunk has 4.0.4 in development.
	- database: "" starts without mmap of database.  Less memory is used,
	  zones are read from text zonefile.

13 March 2014: Wouter
	- Fix nsd.db unclean close check.  Previous databases are considered
	  unclean by the code and are created anew.
	- Adds nsd.db larger than 400Tb check for sanity. Also test if
	  filesize as documented in the file is correct.
	- nsd waits for tasks to complete on stop, prevents nsd.db corruption.
	- fix to not delete tmpdir too early in shutdown process.

12 March 2014: Wouter
	- tag 4.0.2
	- trunk has 4.0.3 in development.
	- disabled udb checking functionality that made it very slow,
	  this was enabled when enable-checking was turned on.

27 February 2014: Wouter
	- tag 4.0.2rc1

26 February 2014: Wouter
	- Fix that NSD will delete and recreate not-clean-closed databases.

20 February 2014: Wouter
	- Fix from 3.2: make SOA RDATA comparisons in XFR more lenient (only
	check serial).

18 February 2014: Wouter
	- Fix leak of zone name after zonefile read.
	- Fix malloc too large that would be leaked in the radix tree.

14 February 2014: Wouter
	- configure change for easier compile on Minix.

10 February 2014: Wouter
	- Fix #552: zonefile loads on nsd-control reconfig when the name
	  of the file has changed.

7 February 2014: Wouter
	- Fix #551: change Regent to Copyright holder in the LICENSE,
	  to match the definition on opensource.org for the BSD License.

3 February 2014: Wouter
	- Disabled recvmmsg and sendmmsg usage by default because kernel
	  versions have implementation issues: ipv6 ignored, security issues.
	- Detect libevent2 install automatically by configure, and use
	  event2 header files if necessary.
	- Fixup link with lib/event2 subdir.

30 January 2014: Wouter
	- Fix expired zones to give SERVFAIL, also when parent zone loaded.

27 January 2014: Wouter
	- tag 4.0.1.
	- trunk is 4.0.2 in development.
	- rcode REFUSED for queries to non-hosted zones.
	- documented nsd-control zonestatus output in nsd-control manpage.
	- remove mention of nsdc from nsd-checkconf manpage.

21 January 2014: Wouter
	- tag 4.0.1rc2

20 January 2014: Wouter
	- Fix #546:  output format errors in nsd_munin_ (Thanks Tom Hendrikx).

17 January 2014: Wouter
	- Fix type CAA.
	- Fix type EUI48.
	- nsid can be set with "ascii_somestring" in ascii.
	- Fix printout of high-chars in TXT on NetBSD.

16 January 2014: Wouter
	- Unit test for WKS failure.

15 January 2014: Wouter
	- tag 4.0.1rc1

13 January 2014: Wouter
	- Check if configure in srcdir collides with outofdir build.

10 January 2014: Wouter
	- Fix that chroot is removed from zonefile names (for absolute names).

9 January 2014: Wouter
	- Fix that bad IXFR updates do not result in double SOA records,
	  and that an AXFR is started (attempted) when the zone state seems
	  to be inconsistent with the master's zone state.

8 January 2014: Matthijs
	- Bugfix #542: Match RRSIG TTL with SOA TTL in negative response.

7 January 2014: Wouter
	- Fix xfrd when zone transfer TCP contains zero length packets.
	- Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
	  because AXFRs overwrote nsec3 administration in the child zone.

2 January 2014: Wouter
	- Log ip address for sendto and sendmmsg failures.

4 December 2013: Matthijs
	- Support for CAA RRtype (RFC 6844).

26 November 2013: Wouter
	- Fix segfaults after read of zones with rr type WKS from zonefile.
	- Seed PRNG for openssl at start of daemon, fixes SSL connection issue.

25 November 2013: Wouter
	- (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset.

11 November 2013: Wouter
	- Fix bug#534: IXFR query loop over UDP for zones that are unchanged.

11 November 2013: Matthijs
	- EUI48 and EUI64 is now RFC 7043

5 November 2013: Wouter
	- Accept interface: as an alternative for ip-address: for
	  consistency with unbound.conf syntax.

29 October 2013: Wouter
	- tag for 4.0.0 release.
	- trunk has 4.0.1 in development, for bug fixes.

24 October 2013: Wouter
	- Fixup zone change code.
	- tag 4.0.0rc3.

21 October 2013: Matthijs
	- Initialize xfrd zone when changing zone from master to slave
	  and delete xfrd zone when changing zone from slave to master.

14 October 2013: Wouter
	- tag 4.0.0rc2.

14 October 2013: Matthijs
	- Additional log messages with reason why RR to be deleted cannot be
	  found.

14 October 2013: Wouter
	- Fix for zone transfer that has different-cased RRSIG signer names
	  or NSEC next-owner names.

9 October 2013: Wouter
	- tsig errors on incoming tsig print key name and source IP of query.

8 October 2013: Wouter
	- Update documentation for nsd -d option.

7 October 2013: Wouter
	- Fix mini_event ev_once flag to be prettier (review comments Yuri).
	- tag 4.0.0rc1 recreated.

4 October 2013: Wouter
	- Fix bug where if you do not have flex, and then install flex, it
	  would not make without a re-untar of the source.

3 October 2013: Wouter
	- Review changes from Matthijs.
	- doc/README updated, 'nsdc' is now removed.

1 October 2013: Wouter
	- Review commits from Matthijs.
	- doc/UPGRADING updated, review Yuri.

30 September 2013: Wouter
	- tag 4.0.0rc1
	- updated doc/RELNOTES

19 September 2013: Wouter
	- configure --disable-recvmmsg for compat with older Linux kernels,
	  by default it autodetects support in the kernel on the buildmachine.

20 Aug 2013: Wouter
	- Fix time at 2038, uint32s changed to time_t, support 64bit time_t.

19 Aug 2013: Wouter
	- Fix use of 32bit time, for 2038, thanks to Theo de Raadt for patch.

13 Aug 2013: Wouter
	- Bugfix#518 Incorrect RRL prefix length option names in nsd.conf
	  man page from Ville Mattila.

9 Aug 2013: Wouter
	- Fix that xfrd, and nsd-control, does not stop responding when reload
	  errors out.  The pid is sent like it should by server_main.
	- Fix that EOF in quoted string error does not cause reload to exit.
	- Fixup errors from the stack code checker.

6 Aug 2013: Wouter
	- Removed use of random when arc4random is available.  Thus, random
	  and srandom are then not linked with the executable.

16 Jul 2013: Wouter
	- Fix segfault with no logfile and chroot (Thanks Patrik Lundin).

15 Jul 2013: Wouter
	- beta 5 tag.
	- trunk has beta6 named in configure.

9 Jul 2013: Wouter
	- unlink xfr file if transfer is stopped, timeouted or interrupted.
	  And unlink xfr file in progress when the zone is deleted.

8 Jul 2013: Wouter
	- Increase tcpbacklog default to 256 (silently capped to 128 on BSD).
	  For remote control keep it at 16, it has less TCP load.
	  It does not actually increase TCP performance (some except), but
	  reduces connection loss when there is a spike in TCP connections.

5 Jul 2013: Wouter
	- nsd-mem stores temp files in current dir because /tmp is too small. 
	- printout pct parsed, read, nsec3 and written every 100.000 elements
	  and after 5 seconds.  For big zones.

3 Jul 2013: Wouter
	- region-allocator has list of large allocations, so delete is in O(1).
	- recursive readroutine for speedup of nsd.db reads (30%).
	- udb-inspect prints type summary of nodes in nsd.db.

28 Jun 2013: Matthijs
	- Update tmp serial in xfr checking.

28 Jun 2013: Wouter
	- nsd.db 12% smaller, no nsec3 hash storage.  Also ups udb version
	  because of the format change.  printout udb write complete for
	  debug.
	- Fix warning in labellength 0 code.

27 Jun 2013: Matthijs
	- Better XFR checking, fallback to AXFR (if allowed) if three
	  malformed XFR packets have been seen.
	- zonec: Don't crash on domain names with label length 0.

25 Jun 2013: Matthijs
	- Rename --enable-eui-rrtypes to --enable-draft-rrtypes.

25 Jun 2013: Wouter
	- acx_nlnetlabs.m4 update, --disable-flto.

20 Jun 2013: Matthijs
	- Use IPV6 minimum MTU settings with TCP to reduce failures that
	  are caused by delays in learning working PMTU when communicating
	  through a tunnel.
	- Improved RRL logging: also print triggering query src addr and qtype
	  (thanks Klaus Darilion).
	- Merge some minor stuff from NSD3.2

18 Jun 2013: Matthijs
	- Add rrl-slip config option (thanks Stephane Bortzmeyer).
	- Add rrl-ipv{4,6}-prefix-length config option.
	- Bug #496: Support for EUI48 and EUI64 RR types.

14 Jun 2013: Wouter
	- Optimizations: -O3 if possible (user can override CFLAGS), udp
	  buffers are set to 1m by default (if socket options exist),
	  use recvmmsg and sendmmsg, or only recvmmsg, or recvfrom.

11 Jun 2013: Wouter
	- Fix memory leak in zone parser for txt record (since the large
	  number of txt subsections fix).
	- Fix zone parser allocations to be in db region.
	- nsd-mem prints advice

5 Jun 2013: Wouter
	- Fix segfault on repeated reconfigs, double free of zone apex name.

4 Jun 2013: Wouter
	- Remove duplicate zlfile variable from options structure.

30 May 2013: Wouter
	- Fix nsd-mem for printout of values above 4G.

16 May 2013: Wouter
	- Patch from Lukas Wunner that makes chroot more consistent.
	  Make all paths absolute with the chrootdir in front, or use
	  an absolute zonesdir with other patsh relative to that.

3 May 2013: Wouter
	- Fix race on exit of nsd, for restarts, so that the pidfile-pid
	  process waits until port53 has been closed before exiting.
	- update acx_nlnetlabs.m4 to v23, sleep w32 fix.

29 April 2013: Wouter
	- Remove unused pointer and fixup chroot include for trail slash.

26 April 2013: Wouter
	- Patch from Lukas Wunner that makes nsd.conf include files work
	  inside chroot/etc environments on repattern and reconfig.

25 April 2013: Matthijs
	- New config option "ip-transparent:", to bind to non local addresses
	  (thanks Arjen Zonneveld).
	- RRtypes ASFDB, RP, RT should not compress dnames (thanks Peter
	  van Dijk).

19 April 2013: Wouter
	- own snprintf, fix use of snprintf return value (in debug print).

18 April 2013: Wouter
	- fix bug #491: pick program name (0th argument) as syslog identity.

9 April 2013: Wouter
	- Bug #494: Exit with return code 1 if socket code fails. (from 3.2)
	- Fix B64_NTOP replacement definitions in configure.ac.

26 March 2013: Wouter
	- update lookup3.c with better endianness detection.

25 March 2013: Wouter
	- faster nsec3 updates.
	- Fixup contrib/bug390.patch for 4.0.0b4.
	- remove leak of nsec3.
	- allocate radixtree in region for small (5%) total savings and
	  about 15% savings in the radixtree itself (due to many small alloc
	  savings in region).

22 March 2013: Wouter
	- use less memory for non-nsec3, nsec3tree.

18 March 2013: Wouter
	- update nsd-mem with pretty printout and RRL count.

14 March 2013: Wouter
	- Fix memory statistics in nsd_munin_.

8 March 2013: Wouter
	- nsd-mem tool initial commit.

7 March 2013: Wouter
	- notify information is logged at correct verbosity level, 1.

5 March 2013: Matthijs
	- Add hash to rrl bucket

5 March 2013: Wouter
	- Fixup the growth and shrinkage of nsd.db.  This should use less
	  calls to remap and change the file and mmap size.

15 February 2013: Wouter
	- Fix compile on bigendian netbsd alpha.
	- Fixup tests for older dig (check if +noedns option is supported)

11 February 2013: Matthijs
	- Fix outgoing-interface: Don't fail if family is IPv6 but
	  only IPv4 outgoing-interface is set, or vice versa.

11 February 2013: Wouter
	- fix tcp zonetransfer pipeline lookup function.
	- remove compiler warning for memset from tsig read.

7 February 2013: Wouter
	- detect endianness in lookup3 on BSD, patch from Brad Smith.
	- nsd-control verbosity prints out verbosity level without argument.
	- nsd-control status prints out ratelimit if ratelimit is enabled.

5 February 2013: Wouter
	- Fix that old zonefile does not override newer AXFR for slave zones.
	- Nicer printout of notify.
	- beta4

4 February 2013: Wouter
	- Fix AXFR of NSEC3 slave zone.

1 February 2013: Wouter
	- Less printout of 'bad transfer'.

31 January 2013: Wouter
	- Fix that nsec3 zones are precompiled when read from udb.  This
	  caused assertion failures.
	- Fix is_apex flag for zones read from udb.

29 January 2013: Matthijs
	- RRL documented in nsd.conf.sample

29 January 2013: Wouter
	- printout log less verbosely, not every axfr packet.
	- remove printout of "bad transfer" to the log for notimpl.
	- fixup tests for new netstat and new netcat.

25 January 2013: Wouter
	- fix gcc warning, do not use uninit value for rng init.
	- fix zonefiles-check: entry in nsd.conf
	- remove -fwhole-program gcc flag usage.  We cannot reliably detect
	  if it works without failure.

23 January 2013: Wouter
	- beta3

22 January 2013: Wouter
	- Fix time calculation of zone transfer.
	- log ip address with tcp failure.  

21 January 2013: Wouter
	- Improve tabs in sample nsd.conf for different tabsizes.
	- Fix segv if xfrdir does not exit.
	- create xfrdir on make install (does not remove on make uninstall,
	  because this could be /tmp).
	- do not leave task files in /tmp if nsd fails to startup because
	  of file permissions.
	- do-ip4 and do-ip6 nsd.conf options just like unbound.
	- fixed testset for dig9 default with edns.

18 January 2013: Wouter
	- Fix configure for gentoo gcc and headers.
	- List libevent in README.
	- Tabs and spaces nicer in nsd.conf.sample.
	- Fix spurious assertion failure for some rrl blocks.

16 January 2013: Wouter
	- Added zonefiles-check option, default yes, check mtimes of zone files
	  on sighup and startup (from Robin Hack).

15 January 2013: Wouter
	- documented that the _implicit_ pattern names are used internally.

10 January 2013: Wouter
	- updated RELNOTES.
	- applied patch from Robin Hack to remove double pid file truncation.
	- repattern is called reconfig (because most config options are
	  picked up, except for superuser options (chroot, logfile, port)).
	- document that the zonefile attribute can be empty.

9 January 2013: Wouter
	- 4.0.0b2 is beta2 version tag.

8 January 2013: Matthijs
	- Merge changes from 3.2.15 with trunk:
		* Update docs: CREDITS, NEW-CFG-OPTION, REQUIREMENTS,
		  RELNOTES, TODO
		* Update dname_test.tpkg test.
		* TSIG init only fails if no digests at all can be found.
		* Remove unused tsig_get_algorithm_by_id code (was used by
		  nsd-xfer).
		* Fix some fd leaks.
		* Bug #485: Fallback to DEFAULT_TTL if MSB is set.
		* Fix RCODE when xNAME loop final answer not exist to NXDOMAIN.	

8 January 2013: Wouter
	- Fix make outside of source directory.

7 January 2013: Wouter
	- fixed uninit variable for empty zone axfr request
	- fixed alloc of acl options for config zones so they can be deleted.
	- fixed that pattern name is copied, so that patterns stay the same.
	- repattern also rereads the zones in the config file and applies that
	  to the running server.

21 December 2012: Wouter
	- --with-logfile sets the logfile inside the example documentation.
	- Fixed addzone and delzone inside chroot (thanks Will Pressly).

19 December 2012: Wouter
	- Fixup for libevent-2.1.2.

18 December 2012: Wouter
	- makedist makes sha256 for tarballs.
	- nsd-control start runs an absolute path to start sbin/nsd.

17 December 2012: Wouter
	- Fix for use with libev (no use of event.ev_flags).

12 December 2012: Wouter
	- 4.0.0b1 is beta1 version.

11 December 2012: Matthijs
	- Better ILNP RR parsing (thanks Stephane Bortzmeyer).

11 December 2012: Wouter
	- fix libevent=no signals on Solaris.
	- Fix handle of activated zones from timeout event.
	- contrib/nsd_munin_ updated with memory lookup for BSD.

10 December 2012: Wouter
	- implement --with-libevent=no.

10 December 2012: Matthijs
	- Bug #483: Better error messages for TSIG errors.
	- RFC 2845: If BADKEY or BADSIG, RCODE should be NOTAUTH.
	  Also, continue TSIG verification if NOTAUTH.

7 December 2012: Wouter
	- stable pidfile, xfrd is process leader and forks server-parent.

5 December 2012: Wouter
	- NSD4_imp_6 tag.
	- trunk has imp_7 implementation.

4 December 2012: Wouter
	- NSD-RRL documented in manpage.

3 December 2012: Wouter
	- Fixup exit of server-child while notifies are incoming.

28 November 2012: Wouter
	- RRL implements classification type RRSIG.

26 November 2012: Wouter
	- Fix to make nsd.udb portable between 32bit and 64bit machines.
	- Fix to make udb mmap work for FreeBSD8 when it grows significantly.

23 November 2012: Wouter
	- Fix compiler warnings and fix blocking pipes.
	- default tcp-count set to 100.

21 November 2012: Wouter
	- Implement rrl log of unblock for collision.
	- imported TLSA and ILNP support from NSD3.

19 November 2012: Wouter
	- Fix bug 480: libevent use when tcp-count is hit caused hang (in NSD4).

9 November 2012: Wouter
	- Log when NSD-RRL stops a stream from being blocked.

8 November 2012: Willem
	- Fix AXFR. Loop through the zone to transfer only.

2 November 2012: Wouter
	- Fix bug 478: declaration after statement (for gcc 2.95).

1 November 2012: Wouter
	- Fix default settings for RRL.

30 October 2012: Wouter
	- review fixup of RRL SLIP response.
	- RRL uses dev/random at start, nonRRL does not.

26 October 2012: Wouter
	- nsd-control repattern also changes rrl-ratelimit and whitelist limit.

17 October 2012: Wouter
	- Fix alignment problem in zone transfer pipeline code.
	- Fix random generator generating negative.
	- Fix udb radtree strspace creation bug.

15 October 2012: Wouter
	- Fix activated zone does not interrupt transfer.
	- Log of connection failure for zone transfer is neater.

12 October 2012: Wouter
	- Fix invalid time argument in nsd control (for OpenBSD).

11 October 2012: Wouter
	- Fix build on OpenBSD (Thanks Oliver Peter).
	- tpkg for RRL.

10 October 2012: Wouter
	- implement nsd-checkconf option use of rrl-whitelist.

9 October 2012: Wouter
	- with --enable-ratelimit you enable ratelimiting, with verbosity 2
	  it logs what is ratelimited for operational inspection.
	- unit test for rrl.
	- rrl uses mmap to save state across reloads.
	- rrl enum and u16 flags (dnskey type).
	- rrl whitelist and config.

8 October 2012: Wouter
	- Sync with unbound lookup3, has raninit value.

5 October 2012: Wouter
	- fix bug with event loop in zone transfer pipeline.
	- close xfrd_sock_p in server_child because otherwise due to use of
	  kqueue, it gets a broken pipe when that process exits (on FreeBSD).

4 October 2012: Wouter
	 - Fixup no use of internals ev_flags of libevent.

1 October 2012: Wouter
	- fix xfrd tcp skip.

21 September 2012: Wouter
	- tzset before chroot for correct timezone (from Camiel Dobbelaar).
	- pipeline support for AXFR and IXFR tcp queries.

11 September 2012: Wouter
	- writev support for TCP.

28 August 2012: Wouter
	- TXT records with components longer than 255 fail to parse,
	  but without segfault, it continues processing with non NULL value.

27 August 2012: Wouter
	- libevent in server_child.

21 August 2012: Matthijs
	- Fix bug#464: Conditionally define MAXHOSTNAMELEN

20 August 2012: Wouter
	- Fix hang on exit in xfrd.
	- optimized socket counts for zone transfer speed.

13 August 2012: Wouter
	- Fix xfrd libevent events.

10 August 2012: Wouter
	- libevent in xfrd.

26 July 2012: Yuri
	- Prioritize notify sender for requesting XFR.
	  (thanks Ilya Bakulin)

19 July 2012: Willem
	- Fix for VU#624931 CVE-2012-2978: NSD denial of service 
	  vulnerability from non-standard DNS packet from any host
	  on the internet.
	  http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt

18 July 2012: Wouter
	- Fix bug#460: man page correction - identity.

9 July 2012: Wouter
	- delete temporary transfer files on exit of xfrd and reload.
	- when tasks are applied, reload checks if it must exit between
	  tasks, so that it can quickly exit when NSD is told to quit.
	- fix bug in apply_xfr that must use an udb_ptr because it shifts
	  when new allocations are made.

6 July 2012: Wouter
	- add xfrdir: "/tmp" option and configure --with-xfrdir="/tmp".
	  The nsd.task files and a subdirectory for zone transfers are
	  created there.

2 July 2012: Wouter
	- fix checkconf unit test and add test for backwards compatibility
	  for difffile: "x" statement.

29 June 2012: Wouter
	- Implemented /tmp/nsd.xfr.xxx/ to replace ixfr.db.  So that nsdc
	  patch is no longer needed.

8 June 2012: Wouter
	- Fix tpkg test cutest_qroot and rr-test for printout of algorithms
	  as numbers, and copy of DO flag to the answer.
	- pick up fd fix from 3_2 branch: Some more fd >= 0 to fd != -1 fixes

31 May 2012: Matthijs
	- Sync with 3.2 branch

24 February 2012: Wouter
	- Fix for qtype ANY for a wildcard domain in NSEC signed zone.

9 February 2012: Wouter
	- Update acxnlnetlabs.m4 version 21, fixed MEMCMP_BROKEN #undef line.

23 January 2012: Wouter
	- remove clang security warning about %n in format string.

20 January 2012: Wouter
	- Fix bug #430: segfault when MAX_INTERFACES set to more than 65K.
	- Fix configure for OpenIndiana sunos 5.11, acx_nlnetlabs.m4 update.

12 January 2012: Matthijs
        - Fix bug #421: truncate pidfile on shutdown, before unlink.

10 January 2012: Wouter
	- removed unused variables.

10 November 2011: Wouter
	- acxnlnetlabs.m4 updated to version 16, better lto check (a.out drop).

3 November 2011: Wouter
	- fflush zonelistfile after zone add or delete.

1 November 2011: Wouter
	- Fix -flto detection for llvm compiler on Lion.

10 October 2011: Matthijs
	- Don't clear the AA bit if there is an authoritative CNAME in the
	  answer section (as shown in RFC 1034, Section 6.2.7, 2nd example).

10 October 2011: Wouter
	- squelch EPIPE when writing AXFR, enable with verbosity 2.

26 September 2011: (Matthijs, from NSD3_2 branch)
	- Copy the DO bit to the response.
	- Don't return SERVFAIL on a domain that looks like a NSEC3
	  domain but is actually a empty non-terminal.

19 August 2011: Wouter
	- Fix segfault if no logfile is used.

5 August 2011: Wouter
	- Fix make from repeating action already taken.
	- Fix compile without openssl.

3 August 2011: Wouter
	- silence 'Broken pipe' messages in log (visible with verbosity 2).
	- fix makedist.sh for removal of patch, notify, xfer. new nsd-control.
	- tag 4.0.0-imp-5 created.
	- trunk is 4.0.0-imp-6 under development.
	- added nsd_munin_ script for statistics monitoring to contrib.

2 August 2011: Wouter
	- fix compile on Ubuntu 11.04 systems, detects cc system header issue.

1 August 2011: Wouter
	- fix checkconf test for remote control options.
	- fix warning on Ubuntu 10.04, fix autoconf 2.68 warning on NetBSD.

29 July 2011: Wouter
	- zones with no zonefile are not written to text (assumes you can
	  get AXFR and IXFR for the contents).  They are stored in nsd.db.
	- test for repattern.

28 July 2011: Wouter
	- nsd-control repattern reads TSIG and pattern configuration.

25 July 2011: Wouter
	- fixed tests for removed tools from nsd, with replacements.
	  replaced nsd-patch with nsd-control write. replaced nsd-notify with
	  ldns-notify. replaced nsd-xfer with dig -t axfr.
	- fix for xfrd restart if crashed. xfrd knows if a reload is
	  active at that time so it cannot start another one at the same
	  time.  New shortsoa track for start that does not use taskdb
	  in use by reload.  taskdb in use by crashed xfrd is recreated,
	  in case it is corrupt.  This keeps the nsd.db intact, keeps
	  reload running with its updated and keeps service from the
	  server processes active.

22 July 2011: Wouter
	- added contrib/nsd.init (nsdc.sh that only does start,stop).
	- removed nsdc.sh, nsd-xfer, nsd-notify, nsd-patch.
	  for rc.d: contrib/nsd.init, or platform specific init script.
	  nsd-xfer: see nsd-control transfer, or force_transfer.
	  nsd-notify: see nsd-control notify.
	  nsd-patch: see (cron job to) nsd-control write.

21 July 2011: Wouter
	- nsd-control notify, transfer and force_transfer.
	- fix for bug in write and reload zone option.
	- nsd-control zonestatus command.

20 July 2011: Wouter
	- reload can be given optional zone argument.
	- nsd-control reopen_logfile.
	- nsd-control write changed zonefiles.

18 July 2011: Wouter
	- Fix xfrd activation of zones to not break running zone transfers.

13 July 2011: Wouter
	- fix that signal causes stats to be printed to log.
	- fix stats without remotecontrol.
	- ignore notify and soainfo for deleted zone, if due to race they
	  arrive after the deletion.
	- tpkg test for nsd-control, addzone and delzone

5 July 2011: Wouter
	- fix link to ssl with FreeBSD make.

1 July 2011: Wouter
	- fix optimize compile to link with ssl.

29 June 2011: Wouter
	- nsd-control delzone zone.  Removes zone from zonelist.
	- stats includes number of zones.
	- RAXFR stat, which has not worked since NSD 1.2.4, reinstated.
	- print more memory statistics, for xfrd and config.

28 June 2011: Wouter
	- nsd-control addzone zone pattern.  Adds new zone, slave or master.

27 June 2011: Wouter
	- nsd-control stats and stats_noreset (if enabled at compile time).
	  nsd does not print statistics to logfile if period is 0.

23 June 2011: Wouter
	- -flto check supports clang compiler.

22 June 2011: Wouter
	- remote control, config, client, setup and status command.
	- reload nsd-control command.
	- stop nsd-control command.
	- verbosity nsd-control command.

14 June 2011: Wouter
	- Fix to have no authority NS set processing for CNAMEs.

9 June 2011: Wouter
	- fix bug that relptrs have to be initialized with rel_ptr_init() when
	  created and zeroed with rptr_zero before deletion.
	- tag 4.0.0-imp4 created
	- trunk is 4.0.0-imp5 under development.

8 June 2011: Wouter
	- nsd reads the zonelist file on start.
	- updated acx_nlnetlabs.m4 to version 11.
	- configure checks size of off_t and increase region-allocator
	  alignment to 8 if it is 64bit and alignment at 4.
	- fixed bug where not all references were removed before mmap was
	  synced to another process.

7 June 2011: Wouter
	- code to add and remove zonelist entries, and unit test.

6 June 2011: Wouter
	- fix unit tests for mmap with TODO and removal of -f in nsd-patch.
	- zone expiry is communicated via the mmap, and not via the pipes,
	  simplifying the code significantly as well as making a large number
	  of zones more feasible.

1 June 2011: Wouter
	- mmap used for parent-xfrd communication of tasks and task results.
	  SIGHUP is sent to xfrd so it can become a task in the normal
	  workflow. This can process about 4500 zones per second (this was
	  with lots of debug prints per zone, in debug compile). The mmaps
	  are file-backed with /tmp/ files.  They are removed on a clean exit.
	- nsd.db and tmp mmaps are created with mode 0600 for safety.
	- updated flag removed, nsd-patch always in -f force mode (-f removed)
	  and writes all zones always. Its role is taken over by task results.

30 May 2011: Wouter
	- Fix Makefile for U in environment, since wrong U is more common than
	  deansification necessity.

27 May 2011: Wouter
	- xfrd is forked before the database is read in, thus it does not
	  consume the memory of the database.  It can be reforked on a crash,
	  which is like the current case.  Difffile is cleaned by main process
	  and the soa serials are all sent via pipe instead of via forkmem.

24 May 2011: Wouter
	- implemented patterns in the nsd.conf file.
	  they can be instantiated with include-pattern: x.
	  existing zone definitions keep working (backwards compatible), such
	  zones really have an implicit pattern and cannot_delete flag set.
	- work on zonelist read and storage.

20 May 2011: Wouter
	- from NSD_3_2 branch the fix: bug if the zonefile is changed for a
	secondary but stored transfers are applied, and stop ixfr to empty.
	The zone is flagged with error, and the good zone is still in nsd.db
	for NSD4.

17 May 2011: Wouter
	- unit test for code coverage on nsec3 ixfr.
	- tag 4.0.0-imp3 created
	- trunk is 4.0.0-imp4 under development.

13 May 2011: Matthijs
	- Fix bug #381 - Binary escaped and transfers.

13 May 2011: Wouter
	- Unit test nsec3 salt change and fix for sanity check of nsec3 chain.
	  pretty prints the nsec3 parameters if verbose.

12 May 2011: Wouter
	- more unit test for nsec3 precompile changes.
	- unit test for salt change, rehash in udb fix, remove last NSEC3
	  from chain works, NSEC3PARAM RR fixed up if RR added or removed
	  from NSEC3PARAM RRset, hashtrees cleared properly, precompile clear
	  more thorough (not dependant on nsec3_conditions).

11 May 2011: Wouter
	- fixes for nsec3 precompile code: precompile for empty nonterminals
	  created when an RR is added. If SOA removed, precompile stays
	  coherent even though domain_find_zone no longer returns correct zone.

21 April 2011: Wouter
	- unit test and fixes in nsec3 precompile code.

20 April 2011: Wouter
	- incremental NSEC3 precompile.

14 April 2011: Wouter
	- remove chnum. Added numlist sorted by domain.number.
	  domains that are not used are removed.

13 April 2011: Wouter
	- Fix is_existing flag for ENT when domain that has a shared ENT
	  is deleted by IXFR.
	- zonec can parse strings with RR in it.
	- unit test for namedb.

8 April 2011: Wouter
	- porting complete.
	- tag 4.0.0-imp2 created
	- trunk is version 4.0.0-imp3.

7 April 2011: Wouter
	- ported to sunos 4.1.4, the unit test works (udb, radtree in mmap).

6 April 2011: Wouter
	- UDB_CHECK is enabled if --enable-checking is used.
	  Because it checks the pointer-administration lists it slows down.
	- udb-inspect has feature -l that lists zones (and RRs) in nsd.db.
	- fix memory leak by zonec; the region_cleanup triggers too late.
	- set listen TCP_BACKLOG to 16 by default, it avoids connect reset
	  by peer in 1000-zones transfer on an ultra10, thus for many-zones.
	- default xfrd-reload-timeout to 1 second.

5 April 2011: Wouter
	- Fix uninitialised value in xfrd nsd_soa, the rdata_count.
	- Unit test for update of the nsd.db with new contents.
	- Fix array bounds check in radtree-search function.

4 April 2011: Wouter
	- removed zonec from tests. fix unknown_rr test, enable ipseckey test.
	  increased timeouts on tests that are hard on the filesystem.
	- Fixed IPSECKEY printout by nsd-patch.

30 March 2011: Wouter
	- nsd edits nsd.db for IXFR and AXFR messages.  since xfrd already
	  checks zone transfers completely for syntax those errors cannot
	  happen, if they do (memory, disk error) the file is left dirty,
	  to be recreated on the next start (and the process dies).

29 March 2011: Wouter
	- nsd recreates nsd.db if it has not been closed properly or is
	  corrupted (bad header or wrong file format).

28 March 2011: Wouter
	- NSD without zonec.  NSD loads zonefiles on start.
	  NSD stores NSEC3hashes on disk.

25 March 2011: Wouter
	- Fix bug #365, you can set NSDC_ZONEC_VERBOSE and NSDC_PATCH_STYLE
	  in the environment where nsdc runs.
	- Fix bug #375, typos in nsd.conf.5.
	- First step of bug #369: RRSIG DNSKEY sets zone to be treated DNSSEC.
	- Fix bug #302, nsd accepts XFR but refuses to re-read the slave zone.
	- NSD4 work: removed zonec, nsdc patch does not write text files
	  for slave zones (as if option is always to binary, this capability
	  returns later), nsdc patch deletes the ixfr.db.
	  kill-HUP rereads zone files that have changed.

24 March 2011: Wouter
	- compile fixes for BSD. preserve RRset order.

23 March 2011: Wouter
	- udbzone, store and read zone data in the random-access udb format.

21 March 2011: Wouter
	- udbradtree works. udb-inspect tool can print radtree details.

16 March 2011: Matthijs
	- undo fix bug#325: messes up dname compression

14 March 2011: Wouter
	- udb code added.  uses lookup3 from unbound (public domain).
	- unit test for radix tree in cutest.
	- unit test for udb in cutest.
	- udb-inspect tool to printout internals of udb files.
	  for debug, not installed or built by default.
	- removed --disable-radixtree option.

11 March 2011: Wouter
	- Removed precompile features, speed gain took too much memory.
	- domain number to size_t.

9 March 2011: Wouter
	- DNAME synthesis of CNAME.  Uses TTL of the DNAME record.
	- nsec3 and wildcard code.  No additional section for wildcards.
	  Also CNAME and DNAME replies contain only that record (and synth
	  CNAME), the chain is not followed.

8 March 2011: Wouter
	- precompile work:
		class ANY gets AA flag, SOA and type-NS processing, just
		like BIND (9.6) and it simplifies processing for NSD.
	  other than compression difference (precompile compresses smaller),
	  there are no differences in a 49000 query testset against the root,
	  without EDNS.

7 March 2011: Wouter
	- check chown value and report high verbosity its error.

3 March 2011: Matthijs
	- fix #bug352: fix hardcoded paths in manpages.

2 March 2011: Matthijs
	- fix #bug354: make realclean cleans too much
	- added make devclean for cleaning up autoconf and automake stuff
	- Fix hardcoded paths in nsd.conf.sample and nsd.conf.5

24 February 2011: Matthijs
	- fix #bug350: refused notifies should log client ip.

2 March 2011: Wouter
	- Fix AXFR service with radix tree.
	- cutest for speed of answer encoding, and format of answers for root.

1 March 2011: Wouter
	- after merge, remove double -I. from makefile.
	- radixtree is default.  Nicer makefile and no warnings from unused
	  flex functions.

1 March 2011: Wouter
	- merge with trunk r3181:
	24 February 2011: Matthijs
		- fix #bug350: refused notifies should log client ip.
	24 February 2011: Wouter
		- fix bug#362: outgoing-interface and v4 vs. v6 leads to spurious
		  warning messages.
		- fix bug#363: nsd-checkconf -v does not print outgoing-interface ok.
		- fix that nsd-checkconf -o outgoing-interface omits NOKEY.
	23 February 2011: Wouter
		- fix for bug#357, make xfrd quit with many zones.
		
23 February 2011: Wouter
	- Merge trunk r3151.
		22 February 2011: Matthijs
			- Patch Jakob Schlyter (setusercontext before chroot).
		18 February 2011: Wouter
			- overhaul of testset, with port uniqueness and fast start and stop.
		11 February 2011: Wouter
			- added test case to do with bug357.
		24 January 2011: Matthijs
			- Patch Tom Hendrikx (only errors to stderr when doing nsdc patch).

17 February 2011: Wouter
	- Fix leak of compressiontable when the domain table increases in size.
	- added test case to do with bug357.

10 February 2011: Wouter
	- Merged with trunk r3115 changes:
		20 January 2011: Wouter
			- Fix on shutdown, then getaddrinfo acquired data uses freeaddrinfo.
		19 January 2011: Wouter
			- Bug #348: no -I/usr and -L/usr for libcrypto in /usr.
		5 January 2011: Matthijs
			- Fix nsdc update and nsdc notify
			- Force outgoing interface to be a single range acl
			- Update documentation about acl options
			- Code review
			- Fix nsdc so it can use hmac-sha* tsigs
			- Bug #347: NSEC3 nodata QTYPE=DS not at delegation mismatch
		4 January 2011: Yuri
			- Doc spelling error, bug#345
		15 December 2010: Wouter
			- fix race condition when nsd is stopped while a reload is in
			  progress, often when rc.d does nsdc patch; nsdc stop in sequence.
			  reload is now signalled to stop too.
		10 December 2010: Matthijs
			- fix bug#306: applied documentation patch
			- fix bug#253: now also for QTYPE=DS.
		12 October 2010: Wouter
			- Fix compilation on SunOS4.
		24 September 2010: Matthijs
			- Bug #328: nsd-checkconf overrun
		1 September 2010: Yuri
			- Support for huge TXT records.
		23 Aug 2010: Wouter
			- fix bug#325: remove stale files from cvs from repo.
		16 Aug 2010: Yuri
			- zonec, MAXRDATALEN check was off by one.
		9 Aug 2010: Matthijs
			- nsdc return 1 outside function, should be exit 1
			- Bug #320: arc4random
		2 Aug 2010: Matthijs
			- Bump to 3.2.7.
		21 July 2010: Wouter
			- NUM_RECV_PER_SELECT 100 implemented, configure check if kernel
			  supports this.

17 January 2011: Matthijs
	- Bump to 3.2.8.

5 January 2011: Matthijs
	- Fix nsdc update and nsdc notify
	- Force outgoing interface to be a single range acl
	- Update documentation about acl options
	- Code review
	- Fix nsdc so it can use hmac-sha* tsigs
	- Bug #347: NSEC3 nodata QTYPE=DS not at delegation mismatch

20 July 2010: Wouter
	- Branched from trunk. Added radix tree.
	- use -fwhole-program if gcc supports it.

19 July 2010: Matthijs
	- fix bug#314, NSEC next field now correctly escapes spaces.
	  Also fixes label overflow issue.
	- Put back HAVE_SSL.
	- Code reviews.
	- Add donor text.

6 July 2010: Wouter
	- Compiles on Minix 3.1.7; checks ss_family, suseconds_t, some
	  warning fixes.  Needs socketpair to work, e.g.
	  http://wiki.minix3.org/en/SummerOfCode2010/UnixDomainSockets.

2 July 2010: Wouter
	- Put back CHECK_SSL in configure (removed with disable-tsig).

17 June 2010: Matthijs
	- Expand command line option '-a' and config option 'ip-address:'
	  with port number.
	- Removed --disable-nsid, --disable-dnssec, --disable-tsig

14 April 2010: Matthijs
	- Bump to 3.2.6.

14 April 2010: Matthijs
	- uintptr_t fallback value to void*
	- Backwards compatibility for MAP_ANONYMOUS
	- Tag 3.2.5.

31 March 2010: Matthijs
	- Commit b64_pton optimalized compat code (Martin Svec).
	- Commit (experimental) mmap-alloc-namedb patch (Martin Svec).
	- Commit parse-token-leaks patch (Martin Svec).

27 March 2010: Wouter
	- fix bug#303: misspelled error message.

19 March 2010: Wouter
	- documented nsid: "hex string" setting in nsd.conf.sample.

24 February 2010: Matthijs
	- nsid: option
	- Enable NSID support by default
	- --with-chroot configure option
	- Less stupid chroot error handling

15 February 2010: Matthijs
	- Skip memory cleanup to speed up reload (Martin Svec)

1 February 2010: Wouter
	- compat code for memcmp unsigned comparisons.

21 January 2010: Wouter
	- fixup debug sprintf to snprintf.

21 January 2010: Matthijs
	- Secure string functions, including compat code for strlcat.
	- Randomness utility function
	- Prepare for default chroot

6 January 2010: Wouter
	- check write errors when marking commit failed when difffile is broken.

6 January 2010: Matthijs
	- Move to 3.2.5

23 December 2009: Matthijs
	- Store new options in nsd structure.

22 December 2009: Matthijs
	- New options 'ipv4-edns-size:' and 'ipv6-edns-size'.
	- Bug 276
	- Bug 286
	- Bug 288

21 December 2009: Matthijs
	- New option 'tcp-query-count:'.
	- New option 'tcp-timeout:' and configure option '--with-tcp-timeout'.
	- New zone option 'notify-retry:'.

11 December 2009: Wouter
	- Disable UDP IPv4 DF flag on Linux/FreeBSD/AIX with socket option.

20 November 2009: Matthijs
	- NSID bugfix: NSD did not recognize NSID in the query.

9 September 2009: Matthijs
	- DLV support

18 August 2009: Matthijs
	- Bug 269.
	- Typo: logincap.h -> login_cap.h

12 August 2009: Matthijs
	- Maintainers feedback

10 August 2009: Matthijs
	- Code review.
	- Also send errors to /dev/null in controlled_stop.
	- chown nsd.db

7 August 2009: Matthijs
	- Bug 266: don't have strptime build error

28 July 2009: Matthijs
	- Bug 263: make TSIG algorithms comparison case insensitive.

23 July 2009: Matthijs
	- Patch Paul Wouters for NSD using hardcoded name.

13 July 2009: Matthijs
	- Bug 236: allow RRs before the SOA RR.
	- Bug 253: No need for NS RRset in authority section, when returning
	  final answer for QTYPE=DNSKEY.

29 June 2009: Wouter
	- patch for use of Linux IPV6_MTU option, so that on linux the default
	  EDNS UDP size advertised becomes 4096 over IPv6.  It fragments the
	  packets using the IPv6 minimum MTU.

19 May 2009: Matthijs
	- Clean up configure script (install hickup)
	- Bug 249: Remove unnecessary LLONG_MIN and LLONG_MAX code.
	- Replace strtoll code with own strtoserial function.
	- Move up to 3.2.3.

11 May 2009: Matthijs
	- Add Off-by-one test

6 May 2009: Matthijs
	- Small fix in SO_REUSEADDR warning log message.
	- Off-by-one bugfix (thanks Ilja van Sprundel, IOActive)

29 April 2009: Matthijs
	- A more ensured do_stop (useful fo nsdc restart).

2 February 2009: Matthijs
	- Bugfix #234.
	- Bugfix #235.
	- Reset 'error occurred' after notifying an error occurred at the $TTL or   
		$ORIGIN directive (Otherwise, the whole zone is skipped because the
		error is reset after reading the SOA).

2 February 2009: Matthijs
	- Bugfix: return BADVERS when EDNS version > 0, instead of 0x1<FORMERR>.

19 January 2009: Matthijs
	- Bug 230: nsd-*: use stdout for non-error output (instead of stderr).
	- Don't do strptime test when cross compiling.

17 January 2009: Jelte
	- Fix file rotation when no logfile but chroot.

8 January 2009: Matthijs
	- New nsd-patch option -o dbfile (set output.db)
	- update nsdc to deal with the new nsd-patch options
	- strptime compat fix

6 January 2009: Matthijs
	- New nsd-patch option -s (skip writing zonefiles)
	- Removed some region_create memchecks (not needed)

5 January 2009: Matthijs
	- Bug 218
	- Bug 222
	- Replace SHA256_DIGEST_LENGTH with nicer HAVE_EVP_SHA256

10 December 2008: Matthijs
	- Bugfix: better error message when ixfr.db cannot be read

18 November 2008: Matthijs
	- chown logfile, don't do file rotation if logfile is outside absolute 
		and outside chroot.

17 November 2008: Matthijs
	- File rotation for nsd.log when owned by nsd (+ tpkg test).
	- Only AXFR fallback if master responded NOTIMPL or FORMATERR on IXFR 
		request.
	- allow-axfr-fallback option.

7 November 2008: Matthijs
	- Bugfix: don't fclose if logfile == NULL.
	
30 October 2008: Matthijs
	- Allow escape characters in literal dnames
	- Fix typo in zonec manpage
	- Some fixes from code review

20 October 2008: Matthijs
	- Redo bugfix literal domain names in rdata (code adjustment)
	- Added tests for case sensitive dns names and "Bug #162"
	- Adjust nsd-patch to new ixfr.db format

14 October 2008: Matthijs
	- Only SO_LINGER when outgoing port is set
	- Reset diff_skip when a new difffile is created (parts in the difffile 
		now have a timestamp).
	- Undo bugfix literal domain names in rdata (code adjustment)
	- Split up dname_parse to parse literal dnames and normalized dnames.

3 October 2008: Matthijs
	- setsockopt SO_LINGER, for portability outgoing-interface (BSD/Solaris)

1 October 2008: Matthijs
	- Configure the source ip-address for notifies by the master and zone 
		transfer requests by the slave in nsd.conf.
	- Previously added source hostname/ip and port configuration for 
		nsd-notify and nsd-xfer
	- Finetuned nsdc for nsdc notify and nsdc update

29 September 2008: Matthijs
	- Bugfix: only normalize domain names in rdatas when rrtype is listed in 
		RFC 4034, section 6.2: Canonical RR Form.
	- Update TODO list

25 September 2008: Matthijs
	- Fix bug where hmac-sha256 was in algorithm table, but could not be 
		retrieved by name or id.
	- Additional arguments for nsd-notify and nsd-xfer: set outgoing 
		hostname/ip-address and source port.
	- Additional TODO entry: optimize code in nsd-* programs.

8 September 2008: Matthijs
	- RFC 4635, bugfix #130: support for hmac-sha1 and hmac-sha256 tsig 
		algorithms.
	- modify and add tpkg tests for hmac-sha1 algorithms.

2 September 2008: Matthijs
	- AXFR fallback when IXFR/UDP failed on all masters
	- Bugfix: strip off chroot value in corner cases
	- Additional debug and verbose log messages

29 August 2008: Matthijs
	- IXFR allow UDP option

26 August 2008: Matthijs
	- Code layout, additional comments and documentation typo fixes
	- IXFR over TCP, no longer UDP

17 July 2008: Matthijs
	- Make the maximum number of interfaces configurable.
	- Write pidfile *after* successful server initialization,
		instead of writing, and unlink if fail.

16 July 2008: Matthijs
	- Set upcoming release to 3.1.1
	- Wouter: fixed memory leaks that happened on error, mostly on
	  zone transfer errors.

11 July 2008: Matthijs
	- Avoid race condition in nsdc: let nsd server update pidfile before 
		closing old parent process. 

8 July 2008: Jelte
	- Fixed NSEC3 memory leak in the case NSEC3 is not needed.

7 July 2008: Matthijs
	- Bugfix #191

9 June 2008: Matthijs
	- When comparing RRs, do not compare TTL values (since the same record
	  with different TTL values are considered equal).
	- Fixup some more unaligned memory access that could occur when 
	  reading ixfr.db.

19 May 2008: Matthijs
	- Do not always log tcp read errors, only when real error or high verbosity

28 April 2008: Matthijs
	- Bugfix #172 (misleading error from zonec)

27 March 2008: Matthijs
	- Port some branch modifications to trunk

28 February 2008: Matthijs
	- Do not answer nsec3 wildcard information when DO bit is not set

19 February 2008: Matthijs
	- Fixed strptime bug (for MacOS Leopard)

22 January 2008: Matthijs
	- Add configuration for chkconfig to control nsd service (bug 164)

15 January 2008: Matthijs
	- Fixed bug 157 where nsd would return FORMERR if edns query is
	  received with version set to zero and rdlen is larger than zero.

8 January 2008: Wouter
	- no warning about optout records. also no warning about missing
	  nsec3 records.
	- check for hash(apex)==nsec3 with SOA bit was done in duplicate.
	- removed old commented out code
	- using SOA bit in NSEC3 typemap to detect parameters
	- using nonhashed NSEC3 to prove qtype=NSEC3 nxdomains
	- prints for debugging.
	- nicer comment on nsec3_lookup.

7 January 2008: Wouter
	- Fixup nsec3 tests, they need zonesdir: "." in conf files.
	  The tests pass.
	- configure default is --enable-nsec3. Disabling this will save 20% more
	  memory (for very large zones). Moved tests to test on commit.
	- set RRTYPE numbers for NSEC3=50, NSEC3PARAM=51.
	- fixup checkconf test - updated parser lexer gives syntax error 
	  on some garbage instead of parse error. Parselexer is updated for
	  new options (hide-version, verbosity).
	- removed highrange rrtype code. fixup cutest for that.
	- speedup of prehash code.
		- skip nonexistent domains (operator.example.com).
		- skip only-nsec3 domains (that could be 2x speedup)
		- skip glue nameserver domains (for TLD with 2 glue per
		  delegation this is a 3x speedup).
		- skip the prehash_domain for delegation points, which saves
		  another 2/3 hash operations, 3x speedup.
	- printout how long nsec3 prepare took (verbosity >= 1).

3 December 2007: Matthijs
	- Fixup bug where data related files are looked up in the wrong
	  directory when chrooted with chrootdir ending with a slash.

26 November 2007: Matthijs
	- Fixup bug start nsd while already running: do not initialize server,
	  since it is already running. 

15 November 2007: Matthijs
	- Changed man pages format from mdoc to mansun, to support the Solaris OS. 
	- Better logging for nsd-notify (show 'broken' zone)

13 November 2007: Wouter
	- CREDITS and RELNOTES now in utf-8.

12 November 2007: Matthijs
	- Changed man pages according to bug 162. 

30 October 2007: Wouter
	- Fixup for skip after unknown deleted IXFR RR, otherwise processing
	  would continue at the wrong spot in the packet and process the IXFR
	  as if it were malformed.
	- added unit test for this in long (needs ldns-testns, updated it).
	- added unit test for rollback of malformed zone transfers.
	  Fixup for it, and fixup in ldns-testns to be randomport and
	  copy id for hex packets.

29 October 2007: Wouter
	- Fixup bug where malformed IXFR replies cause partial processing in
	  reload (or nsd-patch or nsd-startup). One result is multiple SOA
	  records in zone apex. Fixup rolls back the zone transfer, and waits
	  for NSD to try to load again.

26  October 2008: Wouter
	- small fix in descriptive text in sample config for debug-mode.

9 October 2007: Mark
	- Change default location of: nsd.db, ixfr.db & xfrd.state to
	  /var/db/nsd.

5 October 2007: Wouter
	- Fixup manual page entry for allow AXFR to anyone.

3 August 2007: Mark
	- Report source and zone for denied AXFR attempts.

25 July 2007: Wouter
	- bind2nsd to 0.5.0, fixup of includes, key{} handling.

19 July 2007: Wouter
	- bind2nsd to 0.4.8, fixup of include bug.

18 July 2007: Wouter
	- added contrib for bind2nsd, Al Stone provided an abridged version
	  that neatly fits for contrib.

17 July 2007: Wouter
	- fixup commithooks.

16 July 2007: Wouter
	- Added reference to http://bind2nsd.sourceforge.net/ to
	  contrib/README.

3 July 2007: Mark
	- Zone compiler now gives more sane error message when out of
	  diskspace.
	- Fixed a call to drill in tpkg that made a test check bind instead of
	  nsd.

2 July 2007: Mark
	- Remove last traces of mmap usage.
	- Some cleanups in tpkg.

24 April 2007: Mark
	- Added "hide-version" configuration setting. Enabling this feature
	  stops NSD from answering to CHAOS class version requests.

19 April 2007: Wouter
	- Compiled on minix 3.1.3 and make some adjustments to ease porting.
	  ECONNABORTED is checked for. sys/select.h included in nsd-notify.
	  SO_REUSEADDR failure is not fatal. PF_INET compat code added.
	  If you compile yourself; strptime and socketpair need compat code.

13 April 2007: Wouter
	- Minor tweak to nsec3.c, more elegant handling of malformed nsec3 
	  records from a zone transfer.

10 April 2007: Wouter
	- Fixup ignored return value in region-allocator. Now returns a NULL
	  memory allocation failure and leaves region in a consistent state.

20 March 2007: Wouter
	- Released 3.0.5.
	- (for 3.0.6) -O2 test for Alpha moved to saner position.

16 March 2007: Wouter
	- port configure to AIX, removed warning on ALIGNMENT in region code. 
	  defined _ALL_SOURCE to get recent C definitions on AIX.
	- improved nsec3.h comments.

22 February 2007: Wouter
	- Zonesdir default is now /etc/nsd.
	  So that the invocation directory is not used to dump files into.
	  The user can change the zonesdir by editing the config file.
	  The directory is created by install, if not an error is printed.
	- updated tpkg tests to use current dir for testing.
	- tcp connections that drop do not spam the log file.
	  Unless verbosity is set high.

19 February 2007: Wouter
	- Fix empty line printed with warning on 'force zone transfer'.

15 February 2007: Wouter
	- Check for EPROTO definition to compile on FreeBSD4/Alpha.

13 February 2007: Mark
	- Debug flag (-d) behavior changed. Nsd now also forks children when
	  run in debug mode.
	- Added verbosity mode (-V <level>) for extra operational logging.

8 January 2007: Wouter
	- README text on interface configuration added.

2 January 2007: Wouter
	- Fixup accept() that could block due to already closed connection.
	  Made listen() nonblocking, ignores errcodes that indicate closed tcp.

29 January 2007: Mark
	- Handle the new CERT RDATA types defined in RFC 4398 (submitted
	  by Mans Nilsson).
	- Change nsd-notify retry timer from linear into exponential backoff
	  (submitted by Mans Nilsson).
	- Due to a small bug in a comparison statement, zonec would fail
	  on the parsing of unknown CERT types. This got triggered by the
	  first bugfix today, as that one shouldn't have been discovered in
	  the first place. Took the opportunity to sanitize two other
	  comparison statements related to strtol().
	
24 January 2007: Wouter
	- Tentative change to set UDP sockets nonblocking. Perhaps it 
	  helps Howard.

19 January 2007: Wouter
	- NSEC3 work. prehash printed only once with time taken to prepare.
	- prints are now only in DEBUG mode (except errors).
	- rr descriptor counts for NSEC3 updated, has an extra field flags.
	- now NSEC3PARAMs with flags!=0 are ignored, as per draft-09.
	- Fixed where only first NSEC3PARAM was properly detected.
	- Added tpkg in manual (because you need to compile with nsec3)
	  that performs the test queries from draft-09 and checks them.
	- Made tpkg to test NSEC3 parameter detection. NSD will skip any
	  NSEC3PARAMs that don't work until the first working one is found.
	  Also, this means unknown hash algorithms are simply ignored.
	  A zone that uses exclusively unknown hash algorithms for NSEC3
	  will give errors on loading (or after zone transfer) but NSD
	  will load and serve the zone (but no NSEC3s are returned).
	- added tpkg in manual to test parent side DS answers.
	  These follow a different code path than child side DS.
	- Will allow NSEC3s(and signatures) below a DNAME.
	- A query for an NSEC3 ownername will lead to DNAME redirection
	  as if the NSEC3 did not exist.
	- Test package in manual that tests NSEC3 and DNAME in the apex.
	- Changed NSEC3 memory requirements from 5 pointers per domain name
	  to 3 pointers and 2 bits.
	- Added jumpstart for nsec3 search, will greatly speed up optout
	  zone nxdomains. At the cost of one ptr per domain name.
	  The speedup also speeds up the nsec3 prepare stage.

18 January 2007: Wouter
	- Created 3.0.4 release tag.
	- 3.0.5 number in trunk.
	- add nsd.spec patch from Farkas Levente to contrib.
	- NSEC3 new wireformat and presentation format from draft-09.

11 January 2007: Wouter
	- The message 'server .. closed cmd channel' is now priority INFO.
	  This to reduce the 'error' amount in the logs.
	- On error in a tcp request, set to retry next instead of waiting
	  for the tcp timeout.

9 January 2007: Wouter
	- TSIG acl matching changed so that NOKEY allow-notify entries match 
	  only queries without a tsig. Otherwise NSD would crash.
	  This only affects servers that have allow-notify: ip NOKEY and
	  someone sends a TSIG signed notify from that ip.
	- test package for that.
	- Fix for reply to notify messages with ANCOUNT wrong. The ack
	  to notify messages that passed the ACL, and had a SOA in the answer
	  section of the query, included wrong RR counts in the header.
	- test package for notify reply wireformat.

8 January 2007: Wouter
	- ipc_send_blocked will not lead to busy waiting on it, but will block
	  in select, until SOA_END comes by.
	- server_main sends SOA_END if reload crashes, to xfrd. So that xfrd
	  can set ipc_blocked=0 and can_send_reload=1; and thus resume service,
	  assuming that the crash was a temporary condition. 
	  This will lead to trying every reload-timeout seconds to reload
	  if it is a permanent condition. Which is more obvious to the 
	  operator.
	- put the error "error: diff: RR ns.kiev.ua. already exists" in
	  debug mode only. Zone transfers with this error are liberally
	  accepted, and we should not spam the logfile.
	- empty zones will not be retried forever every 10 seconds,
	  but exponential backoff to a max of every 4 hours.
	  The exact value is randomised to spread out attempts.

5 January 2007: Wouter
	- Fixed --zonesdir=<path> for configure. The value did not get used
	  as a default value. Now it is used as a default value. If a 
	  default value is set for zonesdir, you can go to a 'no value 
	  specified' by giving the empty string, zonesdir: "" in nsd.config.
	- Fixed checkconf.tpkg for this change. nsd-checkconf will 
	  output zonesdir: "" as this is the default for --zonesdir.

2 January 2007: Wouter
	- Added contrib script from Stephane Bortzmeyer to convert NSD 2 to 
	  NSD 3 config files. Converts secondary zones and TSIG keys.
	- Made config conversion script skip empty lines.
	- Made config conversion script convert primary zones (and notify).
	- Nsdc control script will exit with 'nsd startup failed.' if nsd
	  fails to start (due to bad config file for example).

15 December 2006: Wouter
	- Removed dlopen() checks from configure.ac, NSD3 no longer has
	  dynamic plugin support (since 3.0.0).
	- added .rpm spec file to contrib.
	- Updated README to remove reference to buildzones script.

12 December 2006: Wouter
	- Added missing include to ipc.c to compile on SunOS.
	- Cast to avoid signed/unsigned comparison in compat/inet_ntop.c.

11 December 2006: Wouter
	- Added test to check for CNAME and other data error by zonec.
	  Currently NSEC, NSEC3, RRSIG, SIG, NXT are allowed next to CNAME.
	- Fixup unaligned memory access that could occur when reading ixfr.db
	  with a partial transfer inside.
	- RR type WKS (well known service) was not printed correctly,
	  htons() was forgotten when calling getservbyport.
	- NSD does not complain about not being able to read the db CRC
	  when all that happens is the file became longer or shorter.

8 December 2006: Wouter
	- Moved down max XFRD UDP sockets for zone transfer queries to 100
	  down from 300. This makes the total socket max at 200, so it fits
	  easily under 256 ulimit (a common default).

7 December 2006: Wouter
	- Improved error message to help operator.
	- created 3.0.3 svn tag.
	- default of zonesdir corrected (no directory is default).

4 December 2006: Wouter
	- updated test packages. Moved 213_large from manual to long.
	  size_0, source_port_0 made more working (needs root permission).

1 December 2006: Wouter
	- Moved xfrd ipc and reload handlers to front of event handler
	  lists for a 10% speedup in xfrd.
	- Fixed so that NSD no longer interrupts zone transfers when
	  a notify comes in for that zone. Added package to test it.
	- Fixed warning on Solaris 10.

30 November 2006: Wouter
	- Test for fallback in getaddrinfo more portable.
	  Ported to FreeBSD 6.1 without inet6.
	- New quit sync had a problem with blocking in dispatch. Fixed.
	- reload will retry quit_sync if nothing happens.
	- parent tries to empty the pipes before closing them on quitsync.
	- xfrd does not send reload when previous reload request busy.
	- netio will only deliver the number of bits from select
	  and then stop. Optimisation.

29 November 2006: Wouter
	- Fixed getaddrinfo error message to be more descriptive.
	- Fallback to ip4 also if getaddrinfo fails for ip6.
	- instead of EAI_ADDRFAMILY uses EAI_FAMILY which is portable
	  to FreeBSD.
	- signed/unsigned warning fix for FD_SETSIZE comparison.
	- Lots of debug statements and new quit sync feature, where
	  the server children are synced with. So as not to lose buffers.

28 November 2006: Wouter
	- Debugging 10k zones transfer, set so that zones waiting for a
	  socket do not get timeouts.
	- Debug change so that an event is only returned to one handler
	  by netio.
	  Reversed this. Netio will not deliver events you do not listen
	  to, and since xfrd first listens to write then read, it will
	  not have problems with stale events (for the fd from the previous
	  select) because these are always read, while it needs a write.
	  Re-Reversed it: netio will deliver events only once.
	  This is easier to understand for the poor hapless developer.
	- Need to set notify_current for notify on waiting list. Fixed.

27 November 2006: Wouter
	- Debugging 10k zones transfer, noticed that it is possible for 
	  netio to give a callback for an event that you were not listening
	  to. Now no longer does that.

16 November 2006: Wouter
	- Bug #153: now checks for FD_SETSIZE when adding fd to select fdset.
	- Easy overview of socket allocation for xfrd in xfrd.h
	- Upped the default xfrd socket limits a bit.
	- Log message that the TCP connection limit is reach is now only
	  in -L 2 logging. It is spammy.
	- updated dependencies.
	- Added test for notify-socketcount, and removed unused files from
	  bug153 test package.
	- Notify udp sockets are also capped at a max number. The rest
	  has to wait in a queue.

15 November 2006: Wouter
	- Fixed bug #152: identity keyword in nsd.conf did not work.
	  What happened was that the hostname() from the computer 
	  was overriding the nsd.conf identity. Fixed now.
	  If commandline is given that is used.
	  Else nsd.conf entry is used.
	  Else hostname() detected from computer is used.
	  Else default string "unidentified" is used.

14 November 2006: Wouter
	- Fixed bug where NSD tries to create 10000 udp sockets,
	  when starting with 10000 secondary zones. Limited to 50
	  at a time. The XFRD_MAX_UDP constant controls this.

3 November 2006: Wouter
	- Created tags/NSD_3_0_2_REL.

2 November 2006: Wouter
	- Added pdf for differences.tex for ease of use.
	- Updated text in readme on memory usage.

24 October 2006: Wouter
	- Recycle rrset memory after doing special processing on the deleted
	  rrset data.
	- log message clearer for 'duplicate xfr part' to 'discarding partial
	  xfr part'.
	- if you have a server that has IXFR turned off but sends a TC flag
	  for IXFR queries, xfrd will retry to TCP. This makes the use of
	  'AXFR' flag in nsd.conf file not needed in certain cases.
	- Be thrifty and save up the memory that was lost at end of chunks
	  in the recycle bin. Saved 1.3Mb on 170(rrs)/220(total) Mb dataset.

23 October 2006: Wouter
	- Added checks for out of memory in reload (diff file). And it exits
	  if so neatly.

13 October 2006: Wouter
	- Bug #149: Wrong text for NOTAUTH error code. When notify is not
	  authorised REFUSED error code returned instead.

4 October 2006: Wouter
	- More fixes from Koh-ichi Ito (kohi@iri.co.jp now), for bug #146,
	  his bash does not do $(( )), so nsdc.sh has to use test of course.

29 September 2006: Wouter
	- recyclebin works, added a test that uses it (about 3 Mb goes
	  through the recyclebin). This resolves bug #147.
	- Made -L 1 logging is little less verbose (-L 2 gets it all).
	- added search path for openssl on Solaris 10 (/usr/sfw).

28 September 2006: Wouter
	- Removed unused global variable current_region,
	  and routines for it in region-allocator.c and .h.
	- Added recycle option to regions. It will keep track of small
	  objects in a recycle bin. Large objects are deallocated.
	  No calls to recycle yet, unit test it first.
	- added unit test for region recycle.

27 September 2006: Wouter
	- Further suggestion from Koh-ichi Ito, I've set opt->xfrdfile
	  to XFRDFILE in options_create. So opt->xfrdfile and opt->difffile
	  are never NULL. This simplifies code elsewhere.
	  And also handles chroot case (+=l) for default values.
	- Fix for bug #145. The skip file position in the diff file was used
	  inconsistently - one part of the code skipped to before the 'IXFR'
	  type code and another part skipped to after that. Now all skip to
	  before the type code. This bug only happens if your diff file 
	  is like: zone1_part1, zone2_part_1, zone1_part2, zone1_commit,
	    zone2_part2, zone2_commit. The skip over zone1_part1 failed.
	- tpkg test in long dir that tests for the bugfix. Takes a long time
	  and uses ldns-testns feature to wait partway through an AXFR.
	- removed debug log of strerror on diff read failure, when the errno
	  was already output to the logfile (resulting in a nonsense error).

26 September 2006: Wouter
	- NSD compiles on Solaris 10 with the sun cc compiler.
	  Added a define for _STDC_C99 for that.
	- Checked that the patch for solaris for bug 143 indeed fixes the bug.
	- Fixed bug #146 reported by Koh-ichi Ito: when chrooted nsd failed
	  to write xfrdfile/difffile.
	
18 September 2006: Wouter
	- no queries for NSEC3, RRSIG, ANY succeed for nsec3 only domains.

15 September 2006: Wouter
	- Fixed LOC parsing of integer overflow causing maximum values.
	  Added to test and backported fix to 2.3.6.
	- NSEC3 qtype queries get noerror/nodata or nxdomain answers.
	  You can query for NSEC3PARAM.
	- warnings for printf format on maxOS (sizet needs cast to int).

13 September 2006: Wouter
	- added fsync to AF_UNIX sockets to write last command (QUIT) before
	  closing them.
	- sent explicit QUIT command to xfrd on final shutdown of the server.

12 September 2006: Wouter
	- Bug #144: LOC defaults for unspecified values wrong. Error in zonec.
	  Set defaults. Also fixed parser if LOC has no minutes or seconds.
	- Also fixed rounding error in seconds 0.001 decimal. 
	- Test tpkg for bug 144.

11 September 2006: Wouter
	- nsdc now more portable in use of 'which'.
	  Does not only look at exit code but also checks for '^no ' string.
	- nsd-patch does a chdir to zonesdir for relative difffile or dbfile
	  path names.
	- nsdc handles zonesdir: for relative pidfile, dbfile, difffile 
	  pathnames.

7 September 2006: Wouter
	- bumped version to 3.0.2.
	- Nice configuration error when you had the wrong zone name in the
	  nsd.conf file. Zonec will give an error already.
	- When you start a secondary zone without a zone file, you get
	  a much nicer error message, warning you of the zone transfer.
	- Credits for prerelease testers; Thanks guys!

6 September 2006: Wouter
	- Fixed nsd-patch so that it writes the SOA at the start of the file.
	- test tpkg that tests for the bug, has multiple rrsets at zone apex
	  and does nsd-patch followed by zonec.
	  Previous tests did not catch this: they used nsd-xfer to test zone
	  contents, or only checked the zone-file after nsd-patch.
	- version number bumped to 3.0.1.
	- svn tag 3_0_1 made.

5 September 2006: Wouter
	- differences file improvements.
	- created 3.0.0 release in svn tags.

4 September 2006: Wouter
	- From suggestions by Bin Zhang:
		- nsdc restart does not fail if nsd was not running.
		- fixes to man pages, wrong locations for files.
	- NSEC3-PARAM has no optout bit in presentation format.
	- NSEC3PARAM spelling.
	- differences in latex format (needs nlnetlabs housestyle).

31 August 2006: Wouter
	- Fix for tsig size still set when data is null ptr.
	- Fix configure for NetBSD (1.6 - 2.0) to find struct timespec.
	- DIFFERENCES file completion.

30 August 2006: Wouter
	- Print error nicely when nonblocking connect fails on systems
	  in a portable way.
	- doc/UPGRADING document to assist NSD 2 to 3 upgrades.
	- updates of error print - ignore EINPROGRESS if we check too early.
	- wait for select writable before testing for connect error.
	- echo "" >&2 is not as portable as we would like, removed from nsdc.
	- fixed debug print of a null ptr.
	- fixed bug where query for CNAME that points to unserved zone caused
	  nullptr exception on empty zone ptr. Now original zone is restored
	  after CNAME-pointed data is added to the packet.
	  Test in dname.tpkg. Reported by Kai.
	- fixed stack corruption when ipv6 disabled.

29 August 2006: Wouter
	- NSEC3 made it so it can handle the case where the NSEC3 RRSET
	  with the SOA bit on does not have the RR with the soa bit set
	  as the first RR.
	- Handle NSEC3-PARAM type. Checks to see if any of them work:
	  zone apex hashed exists, with NSEC3 type, and RR that has
	  the same parameters and the SOA bit set.
	- in presentation format of NSEC3, NSEC3-PARAM reversed hash, optout.
	- update to the DIFFERENCES file, bind 9.3.2 vs NSD 3 and 
	  NSD 2 and 3 comparisons are completed.

28 August 2006: Wouter
	- echo messages in nsdc made clearer. nsdc notify and nsdc update
	  only send notify messages to slaves / localhost to force transfers.
	- initial NSEC3-PARAM type code entry. parsed, ignored.

25 August 2006: Wouter
	- disabled make test target as tests are not shipped.
	- performed prerelease static snapshot.
	- updates to the DIFFERENCES document.

24 August 2006: Wouter
	- Fix bug 141 port from 2.3.6, copies behaviour from bind 9.3.2.
	- Added a test for bug 141.
	- Bug141: save the opcode from the query.

23 August 2006: Wouter
	- Fixed % by 0 exception in the bugfix #139.
	- Fixed RFC 4035 says CD flag SHOULD be cleared on authoritative
	  responses, now NSD clears the CD flag. This is bug #140.
	  RFC 4035 could be confusing on this, as it states 'all servers
	  MUST copy the CD bit' more than once, but then makes clear only 
	  recursive servers are meant with that statement.
	- Differences document updates for bind 9.3.2 and nsd 3.

22 August 2006: Wouter
	- version number to 3.0.0 in preparation for release.
	- Bug #139: resync stats to whole period. Fixed.

21 August 2006: Wouter
	- check for error in ftruncate call.
	- replaced fwrite call with write_data call from util that does
	  error checking.

15 August 2006: Wouter
	- removed unused struct nsd.named8_stats variable.
	- Bug #138: nsd aborts trying to bind all interfaces if ip6 is not
	  enabled, instead it will fallback to ip4.

14 August 2006: Wouter
	- Added test for rollback of an IXFR transfer by xfrd.
	- Added test for reload timeout in xfrd, the reload does happen after
	  a while, but not immediately.
	- Test that makes xfrd connect to ip6 address.
	- Test that overloads the number of tcp connections in xfrd,
	  simulating a slow master, so that zones have to queue up to get it.
	- code coverage is now 2514 of 10636 uncovered. Still a lot uncovered.
	- ixfr queries return NOT_IMPL errors.

11 August 2006: Wouter
	- srandom to init random() in xfrd based on PID and time.
	- improved usage() information to be more helpful, and with version.
	- in makedist.sh, flex and bison called like in Makefile.
	- test for tcp underrun and overrun of the buffer.

10 August 2006: Wouter
	- added more tests to increase code coverage of testset.
	- moved acl parsing code from configparser.c to options.c to help
	  unit testing.
	- nsd-checkconf echod wrong difffile filename with -v.
	- nsd-patch can now be used with -f to force printing of all RRs.
	- TYPE_NULL crashed NSD when it printed it, arg was ZF_DNAME,
	  now ZF_UNKNOWN.
	- unknown rr test was faulty on input, the length was in nibbles
	  not in octets, but rfc specifies octets for unknown rrs.
	  NSD does not look at the length, and prints the length correctly.
	- added type NXT to the rr-test for weird RRs.
	- added printing test to rr-test, ipseckey and unknown-rr tests.
	  checks if NSD prints the same RR on output as it read in.
	- put -x option for nsd-patch in usage().
	- test that kills an nsd child server and checks that it is
	  restarted.

9 August 2006: Wouter
	- tested nsdc functionality, make install and make uninstall.
	- set O_NONBLOCKING on xfrd tcp sockets before the connect call,
	  because the handshaking can take very long too.
	- difffile and xfrdfile set via configure, to absolute pathnames,
	  so that chroot checks work for them.
	- updated tpkgs, they need to set relative paths now for difffile.
	- gcov says 2821 of 10617 total code lines are not covered.
	  compiled with --coverage, not -O2, ran tpkg/* and long/testplan*.
	  counted grep '#####:' *.gcov | wc and grep '^ *[0-9]*:' *.gcov | wc.
	- cleaned up the log functions, NSD no longer spams the syslog with
	  debug messages. The standard NSD debug util is used, -F -1 -L 2 for
	  a compile configured with --enable-checking will enable them again.
	  Errors are logged, as is the automated reload of a new serial.
	- tpkgs for bug077 and bug107 were silently failing to test properly.

8 August 2006: Wouter
	- fixes for checkconf test, more portable.
	- removed items from TODO that have been tested.
	  for multihomed servers you have to bind to each interface
	  explicitly to get outgoing ip-address the same as query
	  destination ip-address.
	  Forks and if-existing are tested and ok in testplan tests.
	  close_all_sockets is called by child, if tcponly, so leave it. 
	- user name check is hard portably with shell scripts, and 
	  packaging could set a default user that does not exist on a machine.
	- empty nodes (nonterminals) give no nxdomain any more (todo item done).
	- removed (old) from TODO.
	- removed contrib/buildzones.pl, it is outdated.

7 August 2006: Wouter
	- Made the tests a little more portable.
	- fixed mempcy unable to handle unaligned memory addresses on Solaris,
	  used memmove instead of memcpy in zonec LOC conversion code.
	- another unaligned memory access, when storing off_t pointer in 
	  difffile.c, used memmove.

4 August 2006: Wouter
	- nsd will start if diff file is corrupt, with a log message.
	  It ignores the bad data.
	- tpkg files do not override PATH, svnhook sets it. So user can
	  set path to utilities on the system to run the tests.
	- running testset on DecAlpha discovered uninitialised variable
	  in NSD. Fixed.
	- Jakob Schlyter asked for building nsd3 in an obj dir, i.e.
	  mkdir obj; cd obj; ../configure && make. Fixed up makefile for that.
	- and bug137.tpkg for separate obj dir building.

3 August 2006: Wouter
	- more tests in mesh test.
	- changed test packages to put nsd log to test result "/dev/stdout".
	- test packages more portable - use default 'dig' location.
	  also, path is appended to, instead of replaced.

2 August 2006: Wouter
	- Region can be customised for detailed memory handling.
	  Especially if you set large_object_size=0, chunk_size=0,
	  the region will perform individual allocs, and 'save memory'.
	  The region still keeps tracks of allocations so that at
	  region_free time all memory is released.
	- tsig.region removed, it was not used after attaching a cleanup
	  at creation. tsig creation uses custom region settings.
	- xfrd inits the tsig records with memory saving settings,
	  so the regions alloced for tsig take up about 60 + 4*8 bytes.
	- new custom region for query region - to make chunksize larger
	  there. The chunksize for the query region is important, if
	  all allocations for a query fit in it, no mallocs are needed.
	- TSIG other_data field size according to RFC 2845 is 0 or 6.
	  In tsig implementation put a maximum to the field of 16,
	  otherwise a formerror results.
	- query with IXFR appended SOA not formerror.
	  IXFR queries not reach the handler in axfr.c for IXFR queries.
	- removed annoying debug message of added tsig key.
	- added test that starts 7 servers in a mesh and lets them fight out
	  what zones to transfer and serve.
	- xfrd logic bug: if notified a slave would not see the renewal
	  of its current zone.

1 August 2006: Wouter
	- Test for remove domains with IXFR.
	- Fix for empty nonterminals and IXFR deletes.
	- Test for timeouts, including expiry, and expiry and zone updates.
	- Test for axfr refused authorisation.
	- Test for deadlock in ipc.

31 July 2006: Wouter
	- Test plan ixfr test in tpkg/long directory.
	- IXFR with many packets tested (one RR per packet).

28 July 2006: Wouter
	- tentative change, that preserves ordering of rrtypes for a domain.
	- fix for serial rollover (old_serial + 2**31), now works, is seen
	  as new serial and rolled over to new.
	- serial numbers, and time values, printed as unsigned to logfile.
	- set so that if info is provided by operator, refreshing state
	  not expired is used.
	- forgot to * a pointer to boolean, is_ixfr in the difffile reader.
	  This fixes the testplan_ixfr test 1.

27 July 2006: Wouter
	- fixup desc of tsig xfer test, remove debug from xfr_huge.
	- fixed compressed dname tables cleanup, to set ptr to NULL.
	- initialised xfrd_listener.fd to -1.
	- fixed difffile handling of very short AXFRs, with no data.

26 July 2006: Wouter
	- Updated the requirements with comments from Olaf.
	- README discourages use of experimental nsec3 rr a bit more.
	- typo in DNAME code, used original qname instead of CNAME
	  adapted qname variable.
	- added IPSECKEY RR type, RFC 4025.
	- tpkg test with sample ipseckey rrs.
	- wireformat for IPSECKEY depends on the value of a rdata atom, added
	  WF_IPSECGATEWAY to handle that.
	- DHCID type, data is encoded in one binary/b64 blob.

25 July 2006: Wouter
	- max number of tries for nsd-notify is 15, so that the
	  total time for sending is about 75 seconds.
	- forward port of fixes for bug 105 and 135 in nsdc.
	  forward port of test for bug 105.
	- fixed nasty bug with configure --prefix=<...> where config.h
	  was wrong. Now double evaluate the shell expansion on the defines.

5 July 2006: Wouter
	- helped in README with gnu make; need to make clean
	  so that botched attempts by make to create the lexer files
	  do not stay around.
	- removed %zd, replaced by casts to int.
	- updated REQUIREMENTS file, the sections on RR types, on what
	  algorithm NSD follows and on which RFCs are supported are updated.

3 July 2006: Wouter
	- 'make depend' target in makefile. (updates both Makefile.in
	  and Makefile, so it works for users and for svn).
	- doc minor update.

2 July 2006: Wouter
	- TESTPLAN, README, bugzilla-bugs docs updated.
	- NSD for BIND users update.

29 June 2006: Wouter
	- removed --zonesfile nsd.zones configure option.
	- doc/README updated for 3.0.
	- doc update. NSD_FOR_BIND_USERS document.
	- moved from -Ds to the config.h header, cleaner compilation output.
	- use autoconfs built in large file support enabler.

28 June 2006: Wouter
	- nsdc neater, checks for BLOCKED ips more strictly.
	- nsd -d also disables xfrd forking, and thus all reloads
	  and secondary zone treatment. Stated so in manual page.
	- fixup, apart from ip4 need to allow ip6 in example.conf
	  line showing how to allow access for everyone to axfr.

27 June 2006: Wouter
	- Fixed read in server.c to be a blocking read for sure,
	  even if ipc is not blocking on the OS.
	- nsd-notify tries to send notify 5 times, then exits with error.
	- nsd-checkconf can lookup key secrets by name from a config file.
	- difffile option is always set in options struct with default
	  or config value.
	- nsd-patch uses dnames to compare zone names (for trailing .).
	- nsdc updated to work with config file.

26 June 2006: Wouter
	- Nicer check in autoconf for struct timespec type.
	- NSEC3 next hashed ownername is a length byte followed by data.
	- nsd-checkconf more quiet, clearer error message.
	- NSEC3 does not complain about glue records without nsec3.
	- nsdc work (did start, stop, running, rebuild, restart, reload, stats).

21 June 2006: Wouter
	- nsid commandline parsed using hex_pton routine.
	- unit test for hex_pton.
	- added include stdlib, needed for free() on sunos4.
	- fixup of disable-ipv6 compilation.
	- memmove compat implementation (created fresh).
	- yy_set_bol() for old flex compat define.
	- compat implementation from openssh4.3p2 for
	  strlcpy, inet_aton, and inet_ntop routines.
	- changed ctime_r usage to ctime() call, nsd is not threaded.
	- compiles on SunOS4/gcc-2.95.
	- debug statements go to the log_msg route instead of the
	  fprintf route, so they will get to a nice logfile even if
	  we forked away, with xfrd. logfile=/dev/stderr gives old way.
	- minor changes to cutest to make unit test compile
	  on SunOS4/gcc-2.95, it checks out fine there.

20 June 2006: Wouter
	- updated configure to disable -O2 on platforms where gcc 
	  does not like it (such as dec-alpha).
	- nsd-notify used recvfrom and passed addrinfo.ai_addrlen
	  which is a size_t, but recfrom needs a socklen_t*. On dec
	  alpha these types differ in size (size_t is 64bit, 
	  socklen_t is 32bit). Therefore, used a wrapper variable
	  to pass to recvfrom.
	- changed long int to time_t in nsd-patch.c to please compiler
	  on dec alpha.
	- dec alpha complains if statements are in front of variable
	  definitions. Fixed code for some mixups on this.
	- Fixup cutest for dec alpha. Code, lowercase filename, %lf->%f.
	- cutest fixup uses (size_t) cast and %zx to print ptrs (for debug).
	- for SunOS4 configure detects ssize_t and struct timespec.
	- removed usage of fpos_t, instead using fseeko/ftello for 64bit.
	- configure will define fseeko/ftello with fseek/ftell if unavailable.
	- added missing include from buffer.c (stdlib for free()).
	- defines for snprintf and vsnprintf in config.h if needed.
	- configlexer flex is called more cleanly with -t to write stdout.
	- missing include from configparser, stdlib for atoi.
	- config.h provide inet_pton define if it is not available.
	- fixup of INET6 defines, where sockaddr_storage is used
	  outside of INET6 defines, in xfrd-tcp.
	- edns_init_nsid was not defined in edns.h.
	- added compat/fake-rfc2553.c and h from openssh 4.3p2. That has
	  a BSD license as well. They replace getaddrinfo() (and friends)
	  when those are missing.

19 June 2006: Wouter
	- updated the tpkg/manual tests for NSD 3 config files.
	  Some need root privileges to run (using hping), they all pass.
	- also the tpkg/long test bug_sighup.
	- nsec3 code will warn at prehash time for missing exact nsec3
	  records. So faulty signed zones are more easily spotted.
	- fixed NSEC3 and CNAME/DNAME chains, it will disprove the new qname.
	- removed for() look in CNAME processing, only first CNAME is
	  processed now.
	- zonec will error on a zone with multiple CNAMEs for one name.

16 June 2006: Wouter
	- Swapped read and write ops in xfrd_handle_ipc, so that a read
	  of a signal from main can stop further writes.
	- xfrd will complete its last message before shutting down
	  the ipc writes and then acknowledge the reload-sync.
	  This resolves the race where half of ipc messages caused bad
	  modes from the main.

15 June 2006: Wouter
	- In preparation of notify send overhaul, moved the notify
	  send code to xfrd-notify.c and h files.
	- created cleaner split of notify send and xfr code.
	  Still in the xfr process, because it is a convenient location.
	- fixed bug where notify sending would read from wrong fd.
	- send master zone notifies.
	  Does not skips master zone SOA INFO updates.
	- fixed bug where port number acls did not match.
	- fixed bug where tsig keys are checked for twice, but not error_code.
	- fixed notify send retry counting.
	- added test tpkg for notifies from nsd master to nsd slave.
	- nsd-checkconf flags if you set allow-notify without request-xfr.

14 June 2006: Wouter
	- fixed crash bug when dnssec/NSEC enabled and query DNAME
	  target did not exist.

13 June 2006: Wouter
	- created doc subdirectory for documentation.
	- removed unused DIFF FILE MAGIC string.

12 June 2006: Wouter
	- dname_test tpkg with very extensive DNAME testing.
	- moved sizes of zone_name buffers to 3072 - for escaped names.
	- nsd-patch has a debug option to list the contents of the 
	  difffile/ixfr.db/transfer patch log in a journal fashion. You can
	  then manually inspect the contents.

9 June 2006: Wouter
	- after a reload NSD will report the memory churn: number of bytes
	  of memory wasted by the zone transfer code.

8 June 2006: Wouter
	- When zone is re-chosen after a CNAME/DNAME no SERVFAIL is set,
	  noerror is returned instead.
	- zonec will error on multiple DNAMEs for the same name.
	- zonec will error on DNAME and CNAME together.
	- improved loop log message.

7 June 2006: Wouter
	- after DNAME the closest_match is set correctly for another DNAME.
	- in case of a loop returns gracefully instead of crash.
	- nsec3 checks if it is enabled for the zone for wildcards.
	- NSD will give referrals for zone cuts encountered after a CNAME
	  or a DNAME. This also fixed various subtle stuff with CNAME/DNAME
	  and TYPE_DS at zone cuts. It basically re-determines the zone
	  to use after the CNAME/DNAME.

6 June 2066: Wouter
	- zonec checks for data below a DNAME, and will not create the db,
	  as per rfc 2672. Tpkg test to make sure such a zone is not loaded.
	- updated rr-test tpkg so it has no data below a DNAME.
	- DNAME synthesis of CNAME records, including compression for cname.
	- included cname creation in dname test.
	- preallocate the extra temporary domain_type structures.
	- too many temp domains returns OK packet so that the resolver 
	  will recurse and ask us again with the last name in the chain.
	- fixed bug introduced in preallocation on temp domain numbering.

2 June 2006: Wouter
	- dname_replace function that does DNAME replace and unit tests.
	- added error codes from DNSUPD rfc2136 to constants in dns.h.
	- in query.c added DNAME following code.
	- fixed bug 134: hints[i] in nsd.c to hints[0].
	- added tpkg small test for DNAME.
	- tpkg to test bug 134 (starts 100 processes).

1 June 2006: Wouter
	- tsig test with NSD master and NSD slave server. Tsig AXFR transfer.
	  nsd-xfer used to test slave zone contents.
	- fixed bug where buffer_flip() is done before appending tsig rr.
	- version printed at start of nsd in logfile.
	- xfrd prints name of tsig key used during transfer in commit comments
	  so it appears in the log file and in zonefile after nsd-patch.
	- prints RRs from diff file only if debug level >= 1.
	- scalable transfer test xfr_gig added, you can set the size to try
	  in the .pre file. Now set very small.

31 May 2006: Wouter
	- xfrd check for failed updates. It compares the time it wrote the
	  commit to disk with the time of the last reload command.
	  Failed updates are restarted like the zone is notified of the soa.
	  It also catches reloads that have been lost (reload cmd while reload
	  is running, or a crashed reload process, for example).
	- when reload is issued, times at that second are put back one second,
	  so that after a reload all the zones that should have been loaded
	  have a time from before the reload. 
	- if a reload crashes, NSD will continue with the old database,
	  xfrd is not informed, since it cannot fix that. 
	- nsd-checkconf strdups arg strings before writing to it.
	- tsig error replies contain error data, but no signature.
	  also crashproof, badly formatted tsigs get a format error.
	- tsig error print knows about DNS rcodes in tsig error field.
	- added tpkg tests for tsig.
	- tpkg test for nsd-xfer with TSIG from nsd.
	- small stuff with makedist.sh, CREDITS, Features, make test.

30 May 2006: Wouter
	- tsig pre-allocs the rr_region, not at runtime, tsig_create_record().
	- redid some region work for tsig. Now has another temporary region
	  for the context data. User is only aware of the region passed at 
	  start that exists for the lifetime of the struct.
	  During TSIG checks no more mallocs are done, only region_free_all
	  and region allocs (of small size).
	- checkconf, port is stored as a string.
	- tsig now keeps a max_digest_size for giving reserved space.
	- AXFR does tsig every 96 packets (and first and last packet).
	- tsig signing works for all queries. SOA queries, ...
	  If you configured the key in the config file, you can use
	  that key for any query for any zone.
	  Except for NOTIFY and AXFR queries; those are only allowed for
	  the zone (and source ip address) which are configured in the config.
	- cleaner compile with tsig disabled.
	- fixed unknown key error reply in tsig.

29 May 2006: Wouter
	- The nonblocking write routines disable silently if they have
	  nothing to do.
	- put xfrd read/write state routines (almost 500 lines of code)
	  into xfrd-disk.c file.
	- little readme blurb on xfrd state file for the operator.
	- put ipc code in its own file for ease of reading.
	- removed --disable-axfr, you can control this via acls.
	  With no provide-xfr: statements, a zone will not do axfr.

25 May 2006: Wouter
	- fixed reload sending; it checks for EAGAIN and EINTR.
	- reload sends parent quit command blocking to make sure of arrival.
	- send_children_quit in parent uses nonblocking writes and closes
	  the pipe to signal the child to quit (even if the write does not
	  come through, the closed pipe will cause the child to quit).
	- need_to_send_STATS flag in parent. 
	- reload has its own ipc-listening handler in server_main.
	- nonblocking writes for server_main; this solved write-blocking race.
	- another race condition solved, if a process dies, half a read or
	  write buffer could be left behind on another process. These are
	  dropped. Now:
	  	* The server_main drops ipc from dead children.
		* The server_main drops ipc if xfrd dies.
		* The server_main drops xfrd(old) and all children ipc 
			on reload.
		* The xfrd drops ipc to parent on a SOA_BEGIN from reload.
		  So after reload, but parent and xfrd start with 
		  clean ipc buffers.

24 May 2006: Wouter
	- unit tests print progress while running to stderr. Included license
	  of cutest with its source in svn repository.
	- stack type (for the IPC buffer of zone update dirty). And unit test.
	- only update zone-is_ok if needed to reduce memory copy on write.
	- split off conn_write() from xfrd tcp nonblocking write routines.
	- nonblocking writes for xfrd.

22 May 2006: Wouter
	- ported over minor nits from 2.3.5 NSD fixups. Cast to (void) 
	  unused function return values.
	- removed kill signal to children, superfluous due to quit cmd ipc.
	- moved is_ok for zones to the zone_type in namedb, not in 
	  the options, it is a runtime value not a config value.
	  For zones that have no data, parent and children keep no state.

12 May 2006: Wouter
	- fixed up usage print for zonec to include -f option.
	- xfrd send notifies.
	- server no longer sends SOA INFO for master zones.
	- removed possible debug log print of a null string.

11 May 2006: Wouter
	- nsd.conf.sample shows defaults for ip4-only, ip6-only and debug-mode.
	- SOA_BEGIN message on start of reload sending soa info so that
	  xfrd will not reply with expire-notifications and thus deadlock
	  both on blocking writes (and no OS buffer on the pipes).

10 May 2006: Wouter
	- nsdc.sh is set +x after creation.
	- improved error message when zone in db has no config info.
	- support for broken nsec3 chains (if the one with the SOA bit
	  is complete, it is OK for there to be other nsec3 chains 
	  with different parameters in the zone).

9 May 2006: Wouter
	- Fix for finding bad zone when populating SOA info on start.
	 it would find a parent zone instead of the zone in question (
	 which is empty).
	- request-xfr: AXFR 10.0.0.153 keytouse syntax to interoperate
	  with NSD machines. Will only send AXFR queries to the machine.
	- documented AXFR option in nsd.conf.5 manual page,
	  and updated nsd-checkconf, nsd.conf.sample.
	- made 'skipping zone' log entry clearer (Sam Weiler asked).

8 May 2006: Wouter
	- updated zparser.y to handle empty nsec_seq lists.
	  for empty nonterminals in NSEC3.
	- nicer without ambiguous grammar.

5 May 2006: Wouter
	- nsd-notify handles option -y key:secret to TSIG sign outgoing
	  queries.
	- the acl checks now verify TSIG signatures on the query.
	- iterated_hash compiles with ssl disabled.
	- new ipc NSD_ZONE_STATE sent by xfrd to nsd process. notifies
	  nsd of the state (ok or expired) of a zone.
	- reload process waits for the old server_main to exit to make
	  sure there is no race condition listening to the NSD_ZONE_STATE
	  messages generated when reload sends SOA_INFO to xfrd.
	- server_main and children all set zone_ok state in config options.
	  also server_main so that newly forked children get the right state.
	- if a secondary zone is expired, NSD returns SERVFAIL.
	  a transient error, so resolvers try again later.
	- SOA_END ipc message, sent by reload to xfrd, so it can repeat
	  all zone states (which can have changed during reload).
	- zone_is_ok kept in config section so that state for zones
	  without data is not lost. Those have no zone_type*.
	- secondary zones start in the expired state.
	- if expired zones are updated, then NSD gets the go ahead from
	  xfrd after reload sends SOAINFO/SOAEND msg, so it is really
	  updated in nsd memory.
	- fixed tpkg xfr_1 to have longer expiry times (from 0 and 3
	  seconds to 2000 and 3000 seconds), so the zone does not expire
	  during the test anymore.

4 May 2006: Wouter
	- when a new lease is acquired xfrd_packet_newlease result is used.
	- if a zone is lost in nsd db, xfrd will update state to match.
	- IXFR can use TSIG in queries and verify responses.
	- Fixed memory leak in xfrd tsig handling.

3 May 2006: Wouter
	- forward of 2.3.4 RELNOTES into trunk.
	- debug log statements to track xfrd request rounds.
	- removed memleak from handle_passed_packet in xfrd.
	- faster find_zone in difffile.c.
	- nsd-patch writes commit log entries into zone file.
	- took some tsig.c enhancements from 3 branch,
	  -> if key or algo changes during connection, return bad_key,
	  -> debug statement neater.
	- nsd adds tsig keys to tsig keyring at startup.

2 May 2006: Wouter
	- ifdef inet6 back on ss_family usage in server.c.
	- nsd-checkconf ip6 ifdefs improved.
	- xfrd tries servers 3 rounds, then waits for next retry.

1 May 2006: Wouter
	- off_t used for 64bit fileio. 
	- searches for smallest unused part and sets diff_skip to that.
	- doc comment near the region_free_all for every query about 
	  malloc speed.
	- null ptr in strcmp does not work on bsd, fixed nsd-checkconf.
	- made nsd.conf.sample.in so the sample gets prefix-corrected.
	- removed nsd.zones.sample.
	- makedist.sh added manual pages for nsd-xfer nsd-patch.
	- install/uninstall nsd-patch, nsd-checkconf and manpage. 
	  small update readme.

28 Apr 2006: Wouter
	- ixfr >64k in xfrd.
	- fixed length of new commit parts.
	- fixed multiple ipc reads in xfrd.
	- fixed multiple packet ixfr read in diff file.
   Miek:
	- Forward port fixes for nsd-xfer and nsd-notify

27 Apr 2006: 
   Wouter:
	- nsec3 review fixes.
	- diff file format expanded for >64kb transfer support.
	- diff reader adjusted for >64kb.
   Jelte:
	- small non-null options check in nsd.c.
   Miek:
	- updated nsd-checkconf for zone parse shell script support.

25 Apr 2006: Wouter
	- Tests on NSEC3 code. Fixed that the unsecure delegations also
	  have _ds_ parent nsec3 prehashes, so that they get proper NSEC3s.
	  NSD will serve NSEC3s to prove 'opt-out' also if the opt-out bit
	  is (erroneously) not set.
	- For the 05pre2 draft section 5.4.8.1. QTYPE is NSEC3, only NSEC3
	  RRsets at name. Fixed that RRSIGs present do not matter.
	  And also the closest encloser proof in that case fixed.
	  If wildcard exists below zone apex servfails (cannot disprove
	  it and NSD cannot instantiate the wildcard at that point).

24 Apr 2006: Miek
   Miek:
	- forward port nsid (disabled by default)
   Wouter:
	- nsd-patch manual page.
	- minor MacOSX port fixes.
	- xfrd-reload-timeout: config option.
	- if you set the xfrd reload timeout to -1 it will not
	  automatically reload after a transfer. User can reload.
	- reload timeout is a wait period after the reload is triggered.
	- more verbose acl logging. Validated acls are logged in detail.
	  Invalid acls are only logged in debug mode, level >= 1.
	- log message when xfrd tcp connections max out.
	- if unknown NSEC3 hash type (not SHA-1), disable NSEC3.
	- xfrd randomizes the timeouts, within 10% of original,
	  to spread out activity. Short timeouts < 10 seconds are not
	  affected, and will give activity bursts (on startup for example).

21 Apr 2006: Wouter
	- put NSEC3 code in nsec3.c and nsec3.h.
	- iterated_hash only adds the salt if salt_len > 0.
	- added some assertions and cleanups to nsec3 code.
	- prehash also calcs the nsec3_last domain*.
	- dbaccess when reading in will set the rr_type.owner value.
	- changed namedb_find_zone to domain_find_zone, log msgs.
	- implemented logic from nsec draft 05-pre2 section 5.4.1 - 5.4.8.
	  NSEC3 responses only happen for nsd compiled with --enable-nsec3
	  and for zones where an NSEC3 with the SOA bit set exists.
	- added prehash pointer to ds parent side cover for opt out.
	- removed dynamic plugins. Dynamic plugin support is an explicit 
	  non-requirement (under creeping featurism).
	- in domain table create root nsec3 ptrs are NULL.

20 Apr 2006: Wouter
	- Unittest of base 32 encoding. 
	- unittest start for iterated hash.
	- fixed for ctrlc in debug mode.
	- delete zparser_conv_long, not used, not needed
	- nsd-xfer will display NSEC3 correctly. zonec parses.
	- improved usage() line from zonec, about -c none, must be -C.
	- base32 printed in lowercase (canonical format for DNS).
	- NSEC3 added prehash pointers to the namedb.
	- NSEC3 autodetects presence of NSEC3 in zone and parameters.

19 Apr 2006: Wouter
	- port fix base10 in zonec conv short from 2_2 branch to trunk.
	  and conv byte, algo, certificate, long.
	- configure option to enable NSEC3 (--enable-nsec3) support.
	- from Ben Laurie's NSEC3 patch, loaned the parse code,
	  base32 conversion code and iterated_hash. 
	  With some small modifications. The type rrdescriptors are 
	  indexed by value below SPF, and in 
	  rdata_wireformat_to_rdata_atoms BINARYWITHLENGTH checks
	  for end of buffer. Also parser checks for '-' salt.
	  Some layout (spaces after ,s). And NSEC3 define is used.
	  strtol used for iterations is base 10.
	- moved rrtype descriptor table sanity check to unittest.

18 Apr 2006: Wouter
	- Fixed check for SOA IN, bad ntohs in the check.
	- minimum timeout also enforced for very low expire times.
	- report the actual used length of the sockaddr to sento
	  for FreeBSD.

7 Apr 2006: Wouter
	- modified the kill_nsd tpkg so that it waits up to 10x5 secs
	  for nsd to make the pid file, and it wait up to 10x5 secs for
	  nsd to exit after the kill signal is given.
	- xfrd checks on startup if there is trailing garbage in the
	  diff file, left there by a previous xfrd killed in action.
	  It then snips off any partial parts, so service can resume.
	  Also the difffile_skip pos is set before any partial record there.
	- first version of nsd-patch; reads db and ixfrs and updates zones.
	- moved print_rdata from nsd-xfer to rdata.h to share code.
	- moved print_rr from nsd-xfer to util.h to share code.

6 Apr 2006: Wouter
	- notify handler passes acl number that matches to xfrd.
	- xfrd keeps a next_master for a zone, and sets it after notify.
	  when notified nsd will try to contact the master that sent
	  the notify, if send from an address that is both in acl
	  allow-notify and request-xfr.
	- xfrd closes its tcp and udp sockets on exit.
	- default names for diff file and xfrd state nicer.
	- fixed up kill nsd grep on ps.
	- fixed up race conditions in test script for kill nsd
	  wait for pid file creation by nsd, and grep -v grep in check.
	- in nsd signal-flags inherited from the parent are zeroed 
	  when a server_child starts. Also the server_child switches back
	  to NSD_RUN mode when a bad mode happens.
	- check if ixfrs start from the version in memory.
	- if IXFR/AXFR ends in a serial that is newer than the serial
	  that was sent in an notify, update the notified serial.

5 Apr 2006: Wouter
	- added lowerbound for retry timeout.
	- added extra assertions to xfrd-tcp.c, saying that the waiting line
	  for tcp connections must be empty if the counter is below max.
	- setup so that the first master tried is the first in acl list.
	- diff file skips OPT and TSIG RRs if they are put into the answer
	  section.
	- if IXFR contains an RR to delete that does not exist, nothing
	  happens.
	- update zone for NS, RRSIG also if multiple RRs in the rrset.
	- difffile: create zone struct also if domain exists already.
	- difffile: destroy temp region on error.
	- difffile: in delete_RR, create temp region outside of the routine,
	  so no alloc region, destroy region for every deleted RR.
	- difffile: for IXFR: do not delete final SOA RR.
	- difffile: unknown parts in file is an error.
	- difffile: EOF on last packet is ignored w/o giving an error.

4 Apr 2006: Wouter
	- Addes EACCES to the netio dispatch error bailout.
	- Removed EACCESS (probably due to log_msg), error on close
	  xfrd pipe is small, main process closes its end, and hopes for 
	  the best).
	- review: return on error condition in xfrd_tcp_open fixed.
	- review: expired when time >= expire_time, so it will not wait
	  for the retry after expire until it will detect the expiredness.
	- removed duplicate lines from xfrd_handle_zone_timeout.
	- review: copy of uint32_t using memcpy to avoid unaligned memory
	  accesses.
	- review: fd=-1 removed from set_refresh_now; only does timer.
	- on a tcp timeout it will retry immediately (instead of waiting
	  another retry timeout). This means if you set refresh_now, it will
	  interrupt a tcp-timer for a fresh retry with the next master.
	- put null in buffer for xfrd read state.
	- log msg uses string that exists instead of overwritten buffer.
	- read entry sets refresh depending on current time,
	  and makes sure not to check soa contents if none provided.
	  added explanatory comments.
	- EACCES back in check.
	- server_main first checks for terminated children, then select().
	  So when select is interrupted, by kill or quitting children,
	  it will first see if it has to quit itself, before restarting
	  the children.
	- destroy tempregion xfrd read on error.
	- check for serial existence in xfrd_handle_incoming_soa.
	- handle_incoming_soa uses set_timer_refresh routine.
	  and can handle expire times < refresh times.
	- log msg for udp socket() error.
	- review: xfrd_parse_soa_info email parse uses correct buffer spot.
	- added a lowerbound to refresh interval (=1 second now).
	- upon receipt of a IXFR, if the serial is older than the notified
	  serial, the zone stays refreshing (but the ixfr is saved).

3 Apr 2006: Wouter
	- Added buffer length check to internal ipc.
	- split out packet_read_query_section from the process_query_section
	  routine (and moved to packet.c/h).
	- xfrd reads passed packet via ipc.
	- ported over fix to 2_2 on missing rr types by removing the 
	  duplicate RRtype array, and using rrtype_to_string.
	- xfrd handles notifies. immediately starts updating.
	- xfrd state file format fix.
	- removed libwrap stuff - superseded by acls.
	  use provide-xfr: statements for your zone in the config file.
	  updated README for this.
	- updated tpkg tests for axfr to use provide-xfr: 127.0.0.1 NOKEY
	- review: move var create to start of function (xfrd_init()).

31 Mar 2006: Wouter
	- zone type has a pointer to zone options.
	- nsd options has an rbtree to find zone options in.
	- nsd checks acl for incoming notifies and replies
	  error or confirmation.
	- nicer layout in options.c.
	- updated makefile dependencies.
	- fixed sz for SOA_INFO ipc, which was too small.
	- notify is sent to server_main, server_main sends it to xfrd.

30 Mar 2006: Wouter
	- include: documented in manual page.
	- MAXINCLUDES define in one place (config.h).
	- configure checks for strptime in include files.
	- use %d instead of %zd (sparc5 machine does not get zd).
	- use region_strdup in configlexer.
	- added a check for EINVAL in dispatch - will abort
	  on the error instead of busy hang.

29 Mar 2006: Wouter
	- \r for config lexer. (similar changes to zonelexer).
	- forward port of fix to 2_2 branch:
	  short int in var_arg is promoted to int, according to B. Laurie.
	  The same logic for %o, %d %x would hold for %u I think.
	- in XFRD, soa prim_ns and email domain names are kept in a max
	  size buffer.
	- split up dname_parse into parse from string to wireformat
	  and parse from wireformat to memoryformat, so both can be called.
	- split up dname_make_from_packet into reading the wireformat
	  from the packet and the dname_make, so both can be called.
	- xfrd reads all soa info from incoming xfr packets.
	- xfrd will ignore TC bit on tcp channels.
	- nsd sends xfrd all soa info, including ttl and dnames.
	- config file now has an include: filename directive.

28 Mar 2006: Miek
	- forward port fixes for zone compiler and \r. svn:1926-1927
	- add DO bit MASK and remove the !! construct

17 Mar 2006: Wouter
	- according to axfr-clarify, added comments that we check
	  more leniently on further responses on a TCP stream.

16 Mar 2006: Wouter
	- Fixed up SOA INFO Send routines. Send from server works.
	- niced up xfrd state file.
	- Fixed up so that after a reload it will continue in diff file
	  where it left off.
	- made send of SOA info use write_socket, in case of short writes.
	- redesigned xfrd_tcp_read to use the same code for ipc read.
	- no free()s before xfrd exit.
	- xfrd handles incoming SOA INFO ipc packets.
	- removed debug, updated zones get SOA INFO sent.

15 Mar 2006: Wouter
	- Fixed up domain table insert, it was being used in routines
	  that originate from nsd-xfer that do not set compression numbers
	  correctly.
	- memleak fix in difffile in case of error.
	- difffile processing works so that NSD can read an axfr saved
	  into the nsd.diff file. (xfrd already request and save it there).
	- split off xfrd tcp handling into xfrd-tcp.c.
	- cleaned up send_udp in xfrd, and read_state.
	- removed xfrd tcp_send_blocking.
	- xfrd sets state from ok to refresh to expired based on timeout.
	- xfrd sets reload timeout.
	- Added zone updated to keep track of zones that are changed
	  after a reload. These zones get their information notified
	  to xfrd.
	- removed unused zprintrr declaration from zonec.h
	- nsd sends soa information to xfrd.

14 Mar 2006: Wouter
	- TODO updated
	- worked on reload ixfr. It will add/delete RRs and zones.
	- xfrd receive parse of xfr messages improved. writes commit.
	- server compressed_dname_offsets table is increased if reload
	  creates extra names.
	- difffile will create zone and apex if not there (i.e. the zone
	  is configured but no data file provided).
	- bit more verbose in error message for bad diff file.
	- Typo fix in sample config file.

13 Mar 2006: Wouter
	- configure sets fseek (fgetpos/fsetpos) to use 64 bit interface
	  with _FILE_OFFSET_BITS=64.
	- nsd will skip loading the .db if the DB checksum is the same.
	- Miek added trace test and nsd kill test.
	- Wouter worked on diff file c.

10 Mar 2006: Wouter
	- Cleanup of UDP/TCP code in XFRD.
	- xfrd now has tcp max connections and managing. tcp read/write.
	- response TC on UDP ixfr, starts TCP.
	- sends correct ixfr and axfr queries, a bind server answers.
	- made packet_skip_dname() public.
	- sets read/write event flags for tcp fd right.

9 Mar 2006: Wouter
	- Removed header from DIFF file format. CRC not that important there,
	  you have to check the packets anyway.
	- cutest rbtree removed unused clean_rbtree and always_fail routines.
	- xfrd timeout handler, more work. Checks expire.

8 Mar 2006: Wouter
	- xfrd sends UDP xfr request to master(s) with timeouts, and stores
	  returned data on disk.
	- updated dependencies and declaration of write_soa_buffer.

7 Mar 2006: Wouter
	- Fixed printfs for size_t warnings on Mac OsX.

6 Mar 2006: nsd-team
   * Wouter: xfrd read and write work. Statefile is "nsd.xfst".
   * Wouter: nsd-checkconf checks dname parse of zone name:.
   * Wouter: updated difffile in parser.y, production in server: clause.
   * Wouter: zonec now takes -C for 'no config file' option.
   * Wouter: updated configyyrename.h for bison 1.875d on sparc.
   * Miek: zonec -h and nsd -h exit with exit code = 0.
   * Miek & Wouter: updated tpkgs to work again.
   * Wouter: xfrd read handle soas, handle soa_incoming part.
   * Wouter: moved compare_serial() from nsd-xfer to util.h.

4 Mar 2006: Wouter
	- xfrd zone and soa memory structure definitions.
	- xfrd init zones.
	- xfrd read and write state file code.
	- option for difffile: and xfrdfile: config lines.

3 Mar 2006: Wouter
	- Removed double kill after reload. Only socket cmd send.
	- Added code to handle race condition where xfrd is restarted
	  during a successful reload. Afterwards, the new server_main
	  only has the old xfrd pid, new xfrd is an orphan.
	  Solution: when xfrd closes cmd channel (i.e. it quit)
	  unexpectedly, send sighup to all processes in the group.
	  This should quit the orphan & all children & reload the
	  server_main, which will fork the children and xfrd again.

2 Mar 2006: Wouter
	- Added nsd-checkconf.8 to makedist.sh replace list.
	- DIFF file format updated.
	- removed tsigkey->server value, it was read in, but unused.
	- new function to add config file keys to tsig.
	- nsd-checkconf checks parsing of keys. 
	- Updated sample key file with valid keys.
	- added first xfrd files. xfrd is started from server_main.
	  xfrd listens to server and server to xfrd. xfrd is restarted
	  if it dies unexpectedly. xfrd quits when server signals it.
	  xfrd survives nsd reloads.
	- nsd_options no longer global variable.

1 Mar 2006: Wouter
	- Nicer text in nsd.8.
	- nsd.c prettier code in option handling.
	- zonec.c code prettier in option handling, also chdir bug removed.
	  zonec uses the zone definitions in the config file.
	  updated zonec.8 and usage().
	- nsd also chdirs to the zonedir, otherwise nsd and zonec would
	  try to read the database: file from different directories.
	  .(it does the chdir before the chroot call.)
	- new calling syntax for zonec and nsd, because of new config file.
	- options added acl acceptance tests (no tsig yet).
	- added unit test for options.c - for acl tests.
	- zonec removed unused vars, nsd-checkconf print arguments.
	- nsd-checkconf.8 manual page.

28 Feb 2006: Wouter
	- checked in options.h and config parser code.
	- also nsd-checkconf that will test a config file 
	  .(and optionally show what was read).
	- default identity has a spelling error.
	- Small fix (typo in example) to config manual page.
	- Added ; to configparser.y to please bison 1.75 on bsd.
	- Will check for blocked addresses in outgoing acls. Also ranges.
	- Check configuration tpkg test added. Uses checkconf.
	- checkconf does extra semantic tests. i.e. enable absent features.
	- tcpcount and servercount cannot be negative.
	- updated nsd.conf.5 manpage for @port syntax.
	- changed config parser: allows empty server: part (defaults).
	- made nsd.conf.sample file.
	- put option to configure for CONFIG_FILE nsd.conf location.
	  Note. Already nsdc.conf exists. Both exist now.
	- updated makefile dependencies (gcc -MM).
	- getopt optstring in nsd-checkconf updated ("v" only option).
	- Added config .o files to nsd and zonec. This compiles.
	- Added commandline option -c configfile to zonec and nsd.
	  configure defaults < configfile < commandline options in importance.

24 Feb 2006: Wouter
	- Added compute_crc in util.h and unit tests for it.
	- in cutest.tpkg the number of unit tests was hardcoded
	  in the tpkg package. Removed the dependency, cutest exit
	  value indicates if any failures happened.
	- Added crc at end of NSD-database format. Unique per db.
	  upped db version to 7 because of this.
	- Tested that crcs are big/little endian correct.
	- Added DIFF file spec
	- updated tpkg213 which compares md5 on a zonefile for new format.
	- added nsd.conf.5 manual page with a draft contents.

22 Feb 2006: nsd-team
   * Miek: Changed over to Cutest testing framework.
   * Miek: fixed typo in netio.h
   * Miek: fix syntax in rbtree.c put functions on multiple lines.
   * Miek: unit test tpkg for cutest.
   * Wouter: fixed ptr bug in rbtree unit test.

17 Feb 2006: Wouter
	- rbtree_delete is added and works. Unit tests are there too.
	- Changed tail recursion in rbtree_delete to while loop.
	- Tagged this version as NSD_3_signalsocket_solution.
	  It is the stable 2_2 branch with cleanups, portable, and
	  signalhandler solution by socket communication redesign.

15 Feb 2006: nsd-team
   * Wouter: Fixed server_child would wait for two kill signals before quit.
   * Miek: don't check for port==0 pkt, just try to send them. 
	Forward Port of 2.3.
   * Wouter: Removed unused, not substituted, @nsdxfer@ from Makefile.in.

14 Feb 2006: Wouter
	- Added unit tests for rbtree. Extensive testing of all functions.
	- Added tpkg unit test.
	- configure tests for CUnit(optional lib for unit tests). Makefile
	  cleanup so it works on non-gmake on freebsd.

13 Feb 2006: Wouter
	- Removed timespec_add(current_time) in server_main, the timeout was
	  relative, not absolute. This fixes EINVAL on the timeout on freebsd.
	- Added check in configure for compiler flags. Used for -Wextra.
	- Added check in configure for va_list definition conflict between
	  stdio and stdarg. This happens on DEC Alpha/Debian.
	- removed --enable-mmap configure option. There is no mmap support
	  in the current codebase.
	- renamed local prev to next in domain_next() in namedb.h.
	- Removed heap.h. It was not used. Heap and rbtree are mingled anyway.
	- in netio.c, in dispatch, it would store the next pointer 'in case
	  the handler removes itself'. But if the handler removes that next.
	  Then it would fail. So stored the next in struct netio.
	  This removes a potential bug. Netio_dispatch is not reentrant.
	  Reentry would need a list of iterator* in struct netio.
	- Changed process_query() to server_process_query(). It is too 
	  similar to query_process().

10 Feb 2006: nsd-team
   * Wouter: Improved configure.ac to detect pselect in sys/select.
	The check works on freebsd(yes) and fedoracore 3 and 4 (no).
	I hope it also works on Solaris.
	Also various other prototypes were implicit: chroot, strptime, ...
	These are also solved.
   * Wouter: Checked configure on sparc5(solaris). Added check for
	ctime_r in time.h (for tsig.c). This conf also works on freebsd/linux.
   * Wouter: Updated dependencies in makefile for plugin headers.
	These are included only when --enable-plugins is present.
   * Wouter: Added a send quit over socket to kill commands in server_main,
	These act when the fork children fails. If the kill fails, the
	socket command hopefully still works.
   * Wouter: Put reload code into a separate function. It communicates with
	a socket to the old parent, and sends it a quit command. This works
	and terminates the old nsd. Left in the kill as a double failsafe.
	If the reload process dies, then the parent closes the socket.
   * Wouter: Separated the signal mode from the socket-determined nsd->mode.
	Every signal function has a variable, so that multiple signals can
	arrive. Only the number of signals of the same type is lost, but not
	important for nsd. The signals are handled in turn by the run loop.
	This completes the coding to remove signal race conditions:
	- nsd uses sockets to communicate with its subprocesses(server,reload).
	- signal handler routine contains no lengthy system calls.
	- signals cannot overwrite a previous signal.
   * Wouter: fixed problem where nsd->mode and mode are different in 
	server_main. Nsd would kill the children, but then restart them again.

09 Feb 2006: nsd-team
   * Wouter: Updated dependencies in Makefile (regenerated them with gcc -MM).
   * Wouter: Used splint on the source (with settings to reduce spam.)
	And came to the following changes:
	- In util.h, make it respect HAVE_CONFIG_H and HAVE_SYSLOG_H.
	Also it now defines fallback values for #defines in syslog h.
	- Added explicit cast to (unsigned int) in snprintf in dname.c,
	dname_to_string routine.
   * Wouter: Used extra warnings during gcc compile. -Wextra -Wall 
	-pedantic -Wbad-function-cast -Wmissing-declarations 
	-Wmissing-prototypes -Wnested-externs -Wold-style-definition 
	-Wstrict-prototypes -Wdeclaration-after-statement.
	Using -Wtraditional gives too many warnings.
   * Wouter: Found a problem with pselect. sys/select.h does not by default
	provide the pselect function definition. configure script is 
	adjusted to test for this and enable _XOPEN_SOURCE=600 to get it.
	Found this using the gcc warnings.
   * Wouter: dname and rbtree test apps were in make clean target, but
	do not exist anymore. Removed from make clean target.
   * Wouter: in util log_file() the epoch time_t is passed to printf
	without an int cast. Found using extra gcc warnings.
   * Wouter: In server.c fixed some signed-unsigned comparisons
	using the extra gcc warnings.
	- in shutdown and int was used instead of size_t.
	- in server_main timeout(signed) was compared with unsigned.
	- unused variable in new handler functions.
	- in handle_child_command int i instead of size_t was used.
	- in zonec the process_rr routine was missing (void) as paramlist.
   * Wouter: Added -Wall and -Wextra when --enable-checking is enabled.
   * Miek: Ported over the big fat enable checking configure warning.
   * Wouter: fixed configure check for pselect on freebsd.

08 Feb 2006: nsd-team
   * Wouter: In server.c also sockets from unexpectedly dead childs are closed.
   * Wouter: in nsd.c and server.c cleaned out the signal handler, so that
	it only includes two switch/if statements and alters only the mode. 
	No more calls to alarm(), waitpid(), write(), log_msg().
	Instead the work is done in the runloop in server.c and sent by socket.
	Also the parent now waits for children. Parent restarts them.
   * Wouter: Fixup, the children will quit if the parent closes the command
	socket. If parent is killed, they will exit too.
   * Wouter: The server_main now listens to children command channels.
	Included timeout to check for terminated processes.
	Test says that new signal handler works, and child->parent comm.

07 Feb 2006: nsd-team 
   * Miek: configure.ac version to 3.0.0
   * Miek: looked at: buffer.{ch}, answer.{ch}, dns.{ch}
	   those files don't have any changes, except for dns.{ch} for the
	   explicit compression.
   * Miek: looked at: zlexer.lex and zparser.y; only changes there
	for the database changes.
   * Wouter: Changed buffer in write_pid from 16 bytes to 32 bytes, 
	this makes 64 bit numbers fit in the buffer.
   * Wouter: Socket connection between parent and child nsds added.
	But sighandler now in worse shape. Need to close them. Remove kills.
   * Wouter: close the parent and child command channel sockets in shutdown().