Changes   [plain text]

$Id: Changes 710 2008-02-08 15:22:21Z olaf $                       -*-text-*-

Revision history for Net::DNS               

*** 0.63, 8 Feb 2008

This version contains a Security Fix.

Feature NotifyHandler in Nameserver
  The NotifyHandler is a new attribute to the nameserver used in the
  same way as the ReplyHandler except that it is executed when the
  opcode is NS_NOTIFY (RFC1996). It takes the same arguments as the
  reply handler (i.e. $qname, $qclass, $qtype, $peerhost, and $query).
  Corrections made in the documentation.

Fix #32937: 5.11 introduces new warning on uc(undef)

  The patch supplied fixes for methods where undefined arguments were
  likely. For methods where undefined arguments don't make the warning
  will be printed.

Fix #32147: Default LocalAddr broken in Net::DNS::Nameserver 0.62

  Listen on the default address if LocalAddr not defined.

Fix #30316  Security issue with Net::DNS Resolver.

  Net/DNS/RR/ in Net::DNS 0.60 build 654 allows remote attackers
  to cause a denial of service (program "croak") via a crafted DNS
  response ( Packet
  parsing routines are now enclosed in eval blocks to trap exception
  and avoid premature termination of user program.

Bug: mbox-dname and txt-dname were not allowed to be empty in the RP RR.
   Fix by Peter Koch

*** 0.62, 28 December 2007

Features: Move of some functionality out of the Packet to the Question
   and RR classes; parsing of elements in the packet is now performed
   by calling the appropriate subclasses.

   New methods were introduced:
   * Net::DNS::Packet->parse()
   * Net::DNS::RR->parse()
   * Net::DNS::Question->parse()

   The Packet class now defers parsing of authority/additional until
   their content is really needed. This should cause a bit of
   performance improvement.

   Dick Franks is acknowledged for this Good Work (TM).

Feature: the Net::DNS::Packet's answersize() method will from now on
    ignore its arguments and just return the size of the packet.

Feature: The Net::DNS::RR->new() method used to call
    Net::DNS::RR->new_from_data() whenever called with the appropriate
    combination of arguments. That (undocumented) behavior has been deprecated.
    Use Net::DNS::RR->new_from_data() directly if you depended on that.

Feature: Net::DNS::Packets unique_push now ignores the TTL in
    comparison of uniqueness, this is closer to the intend of
    RFC2181, but not yet fully compliant.

Fix #29816
    Acquiring the IP address for the Resolver under Cygwin is made
    more resilient.

Fix #31425
    Empty question section in search method detected

Fix #31042
    Makefile corrected to add a library target.

Fix #29818
    10-recurse.t used to fail in very specific environment (where a query for
    qname="." and qtype="NS" would return with an empty additional section).
    Fixed by adding the hints explicitly; this also forces the tests to take
    place under the root served by

Fix #29877
    Made 00-version.t recognize a "GIT" environment.

Fix #29878 did not evaluate as true. Thanks Bjorn Hansen.

Fix #21398
   answersize() and answerfrom() set for persistent sockets

Fix #29883
   Fix various tests only available through SVN, so they are 
   more robust (Acknowledgements Bjoern Hansen)

Fix #24343
   Resolver's nameserver() method would do silly things with undefined 

Fix #29531, and modified to avoid erroneous PTR
   lookup in response to mischievous query packet containing an IP address.

Fix #27970 better netdns.o

    Marek Rouchal provided two minor improvements for linking the C
    code sniplets

Fix rt.cpan 28345

    A fix in Test::Simple revealed an off by 1 error in the testplan
    for 05-rr-rrsort.t. The fix is to remove a test, creating a dependency
    on Test::Simple 0.71 seemed overkill.

*** 0.61, 1 August 2007

Fix #28106, 28198, and 28590
    Modification of $_ in various places.  

    t/11-inet6 assumed lowercase domain names.

*** 0.60 20 June 2007

Fix spelling mistakes in change log using interactive spell checker (aspell).

    Two redundant calls of $self->rdatastr() in Net::DNS::RR::string().

Fix #27285 bis
    Unreleased 0.59_1 dn_expand_PP() has security flaw allowing access to
    arbitrary data using crafted packet with out of range compression pointer.
    Patch by Dick Franks based on 0.59 code. 

Fix #27391
    dn_compress() produces corrupt packet for name containing empty label.

Fix #26957
    dn_compress() croaks for name having label which exceeds 63 characters.
    Patch by Dick Franks truncates offending label.

Feature check_soa test of NCACHE TTL
    Dick Franks supplied an improved version of check_soa script which
    performs a direct test of NCACHE TTL by looking up non-existent name and
    reporting value if it exceeds 86400. Test is skipped unless minimumTTL is
    above same threshold.  Recent BIND implementations impose a ceiling on
    NCACHE TTLs internally, so a large minimumTTL value is unlikely to have
    damaging consequences at many sites.

Fix #27285
    Break out of malformed packets with compression loops.
    Steffen Ullrich is acknowledged for patch and test code.

Feature check_zone "alternate domain" and "exception file" flags
    Paul Archer supplied a patch for check_zone adding two new features.

Feature Support for IPSECKEY RR
    Rudimentary IPSECKEY RR support added.

Fix  #25342
    HINFO would only accept its data fields within quotes. That has now
    been fixed to adhere to <character-string> by inheriting parsing functions
    from TXT.

Fix #24631 / Feature IP address prefix notation
    Dick Franks supplied a cleaned up version of

    Revised code deals with incomplete IPv6 address bug and accepts RFC4291
    address prefix notation. IPv4/prefix also supported for completeness.

    This involved a minor change to the API for reverse IP lookup.  Changing
    qtype to PTR is now performed for A and AAAA only.  This allows queries
    for NS and SOA records at interior nodes to be specified using the address
    prefix.  Type ANY queries now also produce the expected result.

    Cleaned up TYPE/CLASS reversal code, exploiting fact that the intersection
    of the sets of class and type names contains only one member (ANY).

    Minor cleanup of remaining code.

Fix #22019

    Expunge trailing dots from RR->new_from_hash() FQDN arguments.
    Patch by Dick Franks.

Fix Recursion and EDNS OPT record

    The Recursive resolver process would add an OPT-RR with each recursion
    which causes FORMERRs with a number of authoritative servers.

Feature SSHFP warn instead of die

    We do not die if a not implemented fingerprint type value is read
    from the wire, instead we 'warn' and return undef.

Feature NSEC3PARAM hook 

    A hook to load NSEC3PARAM when available has been added.
    WARNING: Both NSEC3 and NSEC3PARAM are configured with their
    experimental type codes.

Feature rt r24525 

    Net::DNS::Resolver depended on Net::IP (2268 Kb) which depends on
    heavy module Math::BigInt (1780 Kb). Valery Studennikov suggested to
    ship Net::DNS::Resolver::Base with its own copies of ip_is_ipv[4|6] and
    supplied a patch with those functions stripped from Net::IP.

    Note that the package still depends on Net::IP because
    Net::DNS::Nameserver and a few tests depend on it.

Fix rt 22334
    Fixed "perl Makefile.PL --xs" behavior, patch by Tamas Palfalvi

Fix rt 21752 and 24042
    Applied the patch supplied by Alexandr Ciornii to be able
    to compile on ActiveState perl .
    Slight modifications based on comments by nimnul

Fix rt 23961
    Randomized the ID on the queries. Thanks to "hjp" for reporting and
    suggesting a fix.

    The randomization of the src port is supposed to be handled by the
    setting the source port to "0" (default). Overriding the default
    or using persistent sockets may be problematic.

    Also see:

    Minor compile time warnings for netdns.c on Fedora Core.

*** 0.59 September 18, 2006

Fix 20836, 20857, 20994, and 21402

    These tickets all revolved around proper reverse mapping of IPv6

    Acknowledgments to Dick Franks who has provided elegant solutions and
    cleaned a bit of code.

    Note that directly calling Question->new() without arguments will
    cause the qclass,qtype to be IN, A instead of ANY, ANY.

    Net::DNS::Resolver's search() method would always gracefully
    interpret a qname in the form of an IPv4 address. It would go out
    and do a PTR query in the reverse address tree. This behavior has
    also been applied to IPv6 addresses in their many shapes and

    This change did two things, 1) root zone not implicitly added to
    search list when looking up short name, 2) default domain appended
    to short name if DEFNAMES and not DNSRCH.

Fix 18113

   Minor error due to unapplied part of patch fixed.

Feature: Experimental NSEC3 hooks. 

   Added hook for future support of (experimental) NSEC3 support
   (NSEC3 having an experimental type code).

*** 0.58 July 4, 2006

Feature: hooks for DLV support in Net::DNS::SEC

   added hooks for DLV support which is/will be available in
   Net::DNS::SEC as of subversion version 592 (Tests are done against
   the subversion number, not against the perl release version)
   Net::DNS::SEC version 0.15 will have DLV support.

Partly Fixed 18940

   djhale noticed a number of error conditions under which the
   udp_connection in Nameserver dies. We now print a warning instead
   of dying.

Fix 18958

   Fixed typebyname croak for SIGZERO. Acknowledgments to djhale.

Optimize 11931

   Hanno Stock optimized the method to get the list of available
   interfaces in Win32.  I have only done very rudimentary tests on
   my Windows XP system.

Fix dependency on "CC" 19352

   The Makefile.PL depended on availability of "cc" and would bail
   out on systems where gcc is exclusively available. Thanks to Rob
   Windsor for noticing and patching.

Fix compressed dnames in NAPTR/SRV

    Clayton O'Neill noted that the the domain names in in the NAPTR
    and SRV RRs rdata were subject to name compression which is not
    conform the specs. Also see RFC 2782 and 2915.

Fix 18897

   Zero-length rdata in TXT fixed (Acknowledgments to Roy Arends)

Fix 18785

   SPF would not work unless the TXT RR was not loaded first. No
   wonder, SPF fully inherits TXT and loading of is therefore a

Fix 18713

    Net::DNS::Resolver now deals gracefully with persistent sockets
    that got disconnected. It will first try to connect again to the
    socket and if that fails it will try to connect to the next
    available nameserver. tcp_timeout() is the parameter that
    determines how long to wait during a reconnect.

Fix 18268

     Added reference to RFC in croak message for label length > 63 in

Fix  18113

    The inet6 tests contained another bug when online-tests were disabled.
    Klaus Heinz discovered and provided a patch.

*** 0.57 February 24, 2006

Fix 17783

    The inet6 tests do not skip enough tests when ipv6 is not available.
    I did not catch this in my setup since IPv6 is available on all my

    Since this breaks automatic CPAN installs a new release is

*** 0.56 February 20, 2006

Fix 17694
   Net::DNS::typesbyval() now confesses on undefined
   args. Acknowledgments to Dean Serenevy.

Feature Implemented SPF (typecode 99).

   The class completely inherits from Net::DNS::RR::TXT (the easiest 
   RR to implement ever).

Feature added rrsort() function.
   Feature was requested by Eric Hall in 13392

   This was a little tricky as I think that the sort functions are in
   fact RR specific class attributes that should be accessed through
   class methods. This is difficult to implement. I do think I found a
   fairly clean manner. It does require a global variable in Net::DNS
   to store the functions and some trickery when the sorting functions
   are defined.

   See Net::DNS and Net::DNS::RR documentation for details.

   Defaults sorting functions are currently implemented in 
      SRV: default sort: low priority to high priority and for
           same preference highest weight first.
	   weight: sort all RRs based on weight, highest first
	   priority: see default sort

      MX:  default sort: lowest preference first.
           preference: see default sort    
    NAPTR: default sort: lowest to highest order, for same order lowest
           preference first
	   order: see default sort
	   preference: order on preference, lowest first

      PX:  See MX
      RT:  See MX

Fix 14653 and 14049 
   TCP fallback after V6 socket failure 

   Reworked Net::DNS::Base::Nameserver::send_tcp() to fallback to IPv4 when 
   possible. (change applied to SVN Revision 538).

Feature Cleanup duplicated code

   axfr_send() and send_tcp() contained some duplicated code. I merged
   this in one "helper" method _create_tcp_socket()

Fix AXFR persistent sockets colliding with query sockets.

   I think that using the same persistent sockets for AXFR and
   'ordinary' queries could lead to race conditions. Better safe than
   sorry. For axfrs we create a different set of persistent sockets.

   Note that this prevents performing a SOA query first and then using
   the same socket for the zone transfer itself(in Net::DNS these are
   different code paths). This behavior of SOA and transfer on the
   same socket-- seems to be suggested by 1035 section 4.2.2:

     "In particular, the server should allow the SOA and AXFR request
     sequence (which begins a refresh operation) to be made on a
     single connection."

   Obviously, on the client side this behavior is not mandatory.

Fix 17596
    The fixes and features above also fixed the timeout problem reported by
    Paul Hofman


    It turned out that each time we were calling
    Net::DNS::Resolver::Base::nameserver(); We were creating a
    resolver object. Now a resolver object is only called when a
    domain name is given as argument.

**** 0.55 December 14, 2005

Fix Inconsistency in test

   There was an inconsistency in the t/05-rr.t that got triggered by
   the release of Net::DNS::SEC version 0.13 (when installed). That
   has been fixed.

Feature Net::DNS::Nameserver loop_once()

   Uncommented the documentation of the loop_once() function and introduced
   get_open_tcp() that reports if there are any open TCP sockets (useful
   when using loop_once().

   loop_once() itself was introduced in version 0.53_02

Fix 16392

   TCP Sockets stayed open even if not requested. This may cause the kernel
   to run out of TCP slots. 

   This bug is the reason for releasing version 0.55 shortly after 0.54.

   Spotted and patched by Robert Felber.

*** 0.54 December 7, 2005

Fix 15947

  Failure to bind a nameserver when specifying an IPv6 address.

Fix 11931

  Using Net-DNS 0.53 on Win XP, it is unable to retrieve the
  nameservers when the IP address of the interface is assigned by
  DHCP.  This is due to the DHCP assigned IP address being stored in
  DhcpIPAddress rather than IPAddress (which is then  Adding
  a check of DhcpIPAddress existence and not being fixes the
  problem.  Applied the patch submitted by "orjan". 

Fix 15119

  main_loop() consumed 100% of CPU, because of a bug that
  caused loop_once() to loop ad infinitum.

Fix 15299

  Defining multiple constants with 'use constant { BLA => 1, FOO =>2 };
  is a backwards incompatible feature. Thanks to Ian White for spotting and
  fixing this.

*** 0.53_02 Oct 18, 2005

Fix 14046

  RRSIGs verify and create failed for a number of RR types. The 
  error message showed something like:
      Can't call method "dn_comp" on an undefined value 
  This was caused by an omission in the _canonicalRdata() method
  in Net::DNS::RR that was inherited by all failing RR types.

  Code was added to t/05-rr.t that will test signature creation
  if Net::DNS::SEC is available and can be loaded.

Feature async nameserver behaviour.
   In 14622 Robert Stone suggested:

      The fact that it needs to take over the main running thread
      limits its audience.  Since many daemon programs are already
      driven by a top level select loop, it seems useful to provide an
      API for the user to integrate Net::DNS::Nameserver processing to
      their own select loop.

   He also supplied example code for which he is hereby acknowledged.
   The patch was not used because simultaneously Robert Martin-Legène
   supplied a patch to that allowed the same async
   functionality through the use of loop_once method. Robert M-L's 
   code also carefully manages the TCP sockets, so that they can 
   deal with AXFRs.

   Robert S. has been so kind to review Robert M-L's code and is hereby
   kindly acknowledged.

   NB. Since the code may be subject to change the documentation of the
   loop_once method has been commented out.

Fix bgsend srcaddr for IPv6 Achim Adam previously noticed that the
  source address wildard "::" works provides better portability than
  "0". We forgot to fix the bgsend() part earlier.

Fix 14624 

  Fixed documentation of Replyhandler and fixed a bug
  that prevented the peerhost to be set.

Fix 14700

  mistyped _name2wire helper function name. Noticed and patched by Simon 

Fix 13944

  Terminating dot not printed when printing SRV record. The SRV dname should
  be printed as FQDN, that is, including the dot at the end.
  Acknowledgments Jakob Schlyter. 

  While adding the "dot" I noticed that in the fileformat parsing code
  there might be theoretical corner cases where rdata elements are not
  properly read. The code needs an audit for this.

Fix srcport for socket creation in bgsend method

   Lionel Cons noted and patched a small bug in bgsocket creation code for

*** 0.53_01 July 31, 2005

Fix 13809

   "Phar" noted that the peerhost is never passed to the make_reply function
   in and provided the trivial patch. 

Fix 13922

    Fixed a problem with persistent TCP sockets which was introduced
    because of using the address family as an index to the array of
    persistent sockets. 

    Used AF_UNSPEC for the array index for the TCP socket; just to choose
    a number. The key to the persistent sockets is the remote nameserver:port 

    Acknowledgments to Mike Mitchell for reporting the bug and testing
    the solution.

Feat t/01-resolve will not try to do tests from private IP space; hopefully
    that cuts down on the number of false positives.

*** 0.53 July 22, 2005

Fix 13669

    Danny Thomas provided a somewhat more elegant line of code for the 
    typesbyval regexp.

Fix 13534 

    Net::DNS::Resolver::Recurse would bail out when it happened to run
    into lame servers.

Doc 13387

    Documented the BUG caught by Robert Martin-Legène
    Net::DNS::Nameserver running with multiple IP interfaces might
    violate section 4 of RFC2181.

Fix IPv6 on AIX

    Binding to the local interface did not work when local address was
    specified as "0" instead of "::". The problem was identified,
    reported and fixed by Achim Adam.

Fix 13232
    One uncaught AF_INET6.

*** 0.52 July 1, 2005


    added the the size(), do(),set_do() and clear_do() methods.

*** 0.51_02 June 22, 2005

Fix 13297 

    Persistent_udp option broken starting in version 0.50.
    This was fixed, based on a patch by Sidney Markowitz.
    Guido van Rooij independently submitted a similar patch.
Fix 13289 	
    Was caused by a typo. 

Fix 13243 and 13191 

    The escaped characters test failed on some system because the 
    the systems dn_expand instead of the supplied dn_expand 
    was used after the makemaker magic linked DNS.xs.

    This was fixed by renaming the dn_expand that comes with the
    library to netdns_dn_expand.

Fix 13239:

    When queries are refused the resolver would not take the next
    nameserver on the nameserver list for its next try but skip one.

    I was also made aware that the "use byte" pragma is incompatible
    with pre 5.06 perl. 

    BEGIN { 
          eval { require bytes; }

    It should be noted that for perl versions < 5.006 I had to disable
    the escaped character test. Don't expect domain names with labels
    that contain anything else than host names to work for versions
    earlier than perl 5.6.0.

    Thanks to Vladimir Kotal for the assistance in testing the code on
    his system and the members of the NL-PM list for suggestions and

*** 0.51_01 June 14, 2005

Fix 13232:

    Replaced IF_INET6 by IF_INET6() so that use strict subs does not
    complain in the absence of a definition of IF_INET6 in earlier
    versions perl that did not have IF_INET6 defined in
    The problem is similar to the problem described in:

*** 0.51 June 10, 2005

Fix 13184:

     Removed a 'stale' debug line (oops).  A "stale" debug line may
     cause clutter in log files which may cause false positives on log
     analysis tools. Harmful enough to warrant a quick patch.

*** 0.50 June 8, 2005

No changes with respect to 0.49_03.

*** 0.49_03  June 1, 2005  (Version 0.50 release candidate 3)

      Concatenation of scalars caused modification of data because of 
      Perl's habit to treat scalars as utf characters instead of bytes.
      Inserted use bytes pragma throughout the code base. DNS is done
      in octets.

      Added "ignqrid" as an attribute to the Resolver.

      use as:
      ok (my $res=Net::DNS::Resolver->new(nameservers => [''],
				    port => 5354,
				    recurse => 0,
				    igntc => 1,
				    ignqrid => 1,
      When the attribute is set to a non-zero value replies with the
      qr bit clear and replies with non-matching query ids are
      happily accepted. This opens the possibility to accept spoofed

      It is set to 0 per default and remains, except for this changes file
      an undocumented feature.

*** 0.49_02  May 28, 2005  (Version 0.50 release candidate 2)

Fix: Smoking Gun tests for non-cygwin Win32.
      Makefile.PL failed to produce a proper Makefile under win32.
      (e.g. www,
      I worked around that by moving the library into the base
      directory of the distribution as the "subdir" section 
      seemed to be all funny.

Fix: (the off-topic part)

      Sidney Markowitz spotted an awkward condition that rarely happens but is
      significant enough to be dealt with.

      In the send_udp method there are two loops: one over the nameservers
      and one that waits for the sockets to come forward with data.

      That second loop will sometimes timeout and then be entered with a 
      repeated query to the same nameserver. It occasionally happens that the
      old packet arrives on the socket. That packet is discarded but the 
      loop does not return to the loop to wait for the remainder of the
      timeout period for an answer on the second query, that may still arrive.
      This has now been fixed.

      Thanks to Sidney for the assessment of the problem and the fix.

*** 0.49_01    (Version 0.50 release candidate 1)

Fix: Makefile.PL: Minor tweak to recognize Mac OS X 10.4 not so relevant
    since netdnslib is distributed with the code.

Feature: Calling the Net::DNS::Resolver::dnssec method with a non-zero
    argument will set the udppacketsize to 2048. The method will
    also carp a warning if you pass a non-zero argument when
    Net::DNS::SEC is not installed.

Feature: IPv6 transport support
     IPv6 transport has been added to the resolver and to the
     nameserver code.
     To use IPv6 please make sure that you have IO::Socket::INET6 version
     2.01 or later installed.

     If IPv6 transport is available Net::DNS::Resolver::Recurse will make
     use of it (picking randomly between IPv4 and IPv6 transport) use
     the force_v4() method to only force IPv4.

Feature: Binary characters in labels

     RFC 1035 3.1:
       Domain names in messages are expressed in terms of a sequence of
       labels.  Each label is represented as a one octet length field
       followed by that number of octets.  Since every domain name ends
       with the null label of the root, a domain name is terminated by a
       length byte of zero.  The high order two bits of every length octet
       must be zero, and the remaining six bits of the length field limit
       the label to 63 octets or less.
     Unfortunately dname attributes are stored strings throughout
     Net::DNS.  (With hindsight dnames should have had their own class
     in which one could have preserved the wire format.).
     To be able to represent all octets that are allowed in domain
     names I took the approach to use the "presentation format" for
     the attributes. This presentation format is defined in RFC 1035
     I added code to parse presentation format domain names that has
     escaped data such as \ddd and \X (where X is not a number) to
     wireformat and vice verse. In the conversion from wire format to
     presentation format the characters that have special meaning in a
     zone file are escaped (so that they can be cut-n-pasted without
     These are " (0x22), $ (0x24), (0x28), ) (0x29), . (0x2e) , ;
     (0x3b), @ (ox40) and \ (0x5c). The number between brackets
     representing the ascii code in hex.
     Note that wherever a name occurs as a string in Net::DNS it is
     now in presentation format.
     For those that dealt with 'hostnames' (subset of all possible
     domain names) this will be a completely transparent change.
     I added netdnslib which contains Net::DNS's own dn_expand. Its
     implemented in C and the source is a hodgepodge of Berkeley based
     code and snippets from ISC's bind9 distribution. The behavior, in
     terms of which chars are escaped, is similar to bind9.
     There are some functions added to that do conversion from
     presentation and wire format and back. They should only be used
     internally (although they live in EXPORT_OK.)
     For esoteric test cases see t/11-escapedchars.t.
Fix: #11931 
     Applied the patch suggested by "Sidney". It is a practical workaround
     that may not be portable to all versions of the OS from Redmond. See
     the ticket for details.

*** 0.49 March 29, 2005

     No changes wrt 0.48_03.

*** 0.48_03 March 22, 2005 (Version 0.49 release candidate 3)

Fix: Only remove leading zeros in the regular expressions for typesbyval
     and classbyval methods. (patch by Ronald v.d. Pol)

Fix: Properly return an empty array in the authority, additional and answer
     methods (patch by Ronald v.d. Pol)

Fix: #11930 
     Incorrect searchlist duplication removal in Net::DNS::Resolver::Win32 
     Patch courtesy Risto Kankkunen.

Problem: #11931 used the DNSRegisteredAdapters registry key to determine which
     local forwarders to send queries to. This is arguably the wrong key as it
     is used to identify the server which to send dynamic updates to.

     A real fix for determining the set of nameservers to query has not been
     implemented. For details see

*** 0.48_02 March 14, 2005 (Version 0.49 release candidate 2)

Fix: Bug report by Bernhard Schmidt (concerning a bug on the IPv6 branch).

      The bug caused dname compression to fail and to create
      compression pointers causing loops.

*** 0.48_01 March 7, 2005 (Version 0.49 release candidate 1)

Fix:  #8882  
      No redundant lookups on SERVFAIL response 
      and #6149 	 
      Does not search multiple DNS servers
      Net::DNS::Resolver will now use the other nameservers in the
      list if the RCODE of the answer is not NO ERROR (0) or NAME
      ERROR (3). When send() exhausted the last nameserver from the it
      will return the answer that was received from the last
      nameserver that responded with an RCODE.

      The error string will be set to "RCODE: <rcode from last packet>"

Fix: #8803  

      TXT records don't work with semicolons 

      Since we are expecting presentation format at input a comment
      will need to be escaped ( \; ).

      It could be argued that this is a to strict interpretation of 
      1035 section 5.1.

      While working on this I discovered there are more problems with
      TXT RRs. e.g.; '0100' (a character string content represented in
      hex) is a perfectly legal and should be represented as "\000" in
      presentation format. Net::DNS does pass character strings with
      "non-ASCII" chars from the wire to the char_str_lst array but
      the print functions do not properly escape them when printing.

      Some tests with TXT RRs added to 07-misc.t

      Properly dealing with zone file presentation format and binary 
      data is still to be done.

Fix: Ticket #8483 
	eval tests for DNS::RR::SIG fail when using a die handler 
	(Thanks Sebastiaan Hoogeveen)
      Patch applied.

Fix: Ticket #8608 
	Net::DNS::Packet->data makes incorrect assumptions

      Implemented the "pop" method for the question.
      Since having a qcount that is not 1 is somewhat rare (it appears
      in TCP AXFR streams) the ability to pop the answer from a question
      has not been documented in the "pod"

      Also fixed the incorrect assumption.

      (Thanks Bruce Campbell.)

Fix: Ticket #11106 
      Incorrect instructions in README 

      Corrected in the README and in Makefile.PL

Olaf Kolkman took over maintenance responsibility from Chris
Reinardt. This involved importing the code into another subversion
repository. I made sure the numbers jumped, but I did not have access
to the "original" subversion repository so I lost some of the history.

*** 0.48_01 March 2005 (Version 0.49 release candidate 1)

Fix:  #8882  
      No redundant lookups on SERVFAIL response 
     and #6149 	 
      Does not search multiple DNS servers
      Net::DNS::Resolver will now use the other nameservers in the
      list if the RCODE of the answer is not NOERROR (0) or NXDOMAIN
      (3). When send() exhausted the last nameserver from the it will
      return the answer that was received from the last nameserver
      that responded with an RCODE.

      The errorstring will be set to "RCODE: <rcode from last packet>"

Fix: #8803 
      TXT records don't work with semicolons 

      Since we are expecting "zonefile" presentation at input 
      a comment will need to be escaped ( \; ).

      It could be argued that this is a to strict interpretation of 
      1035 section 5.1.

      While working on this I discovered there are more problems with
      TXT RRs. Eg; 0100 is a perfectly legal character string that
      should be represented as "\000" in a zonefile. Net::DNS does 
      pass character strings with "non-ASCII" chars from the wire
      to the char_str_lst array but the print functions do not
      properly escape them when printing.

      Properly dealing with zonefile presentation format and binary 
      data is still to be done.

Fix: Ticket #8483 
	eval tests for DNS::RR::SIG fail when using a die handler 
	(Thanks Sebastiaan Hoogeveen)
      Patch applied.

Fix: Ticket #8608 
	Net::DNS::Packet->data makes incorrect assumptions

      Implemented the "pop" method for the question.
      Since having a qcount that is not 1 is somewhat rare (it appears
      in TCP AXFR streams) the ability to pop the answer from a question
      has not been documented in the "pod"

      Also fixed the incorrect assumption.

      (Thanks Bruce Campbell.)

Fix: Ticket #11106 
      Incorrect instructions in README 

      Corrected in the README and in Makefile.PL

Olaf Kolkman took over maintenance responsibility from Chris
Reinardt. This involved importing the code into another subversion
repository. I made sure the numbers jumped, but I did not have access
to the "original" subversion repository so I lost some of the history.

>>>>>>> .merge-right.r260
*** 0.48 Aug 12, 2004

Net::DNS is now stored in a subversion repository, replacing cvs.
As such the submodule version numbers have taken another big jump. 
Luckily those numbers don't matter as long as they work.

Fixed a bug with Unknown RR types that broke zone signing [Olaf].

Added callback support to Net::DNS::Resolver::Recurse.  The
demo/ script demonstrates this.

Added a note regarding answers with an empty answer section to the 
Net::DNS::Resolver::search() and Net::DNS::Resolver::query() 

The copyright notice for Net::DNS::RR::SSHFP was incorrect.  That file
is Copyright (c) 2004 RIPE NCC, Olaf Kolkman.

*** 0.47_01 May 6, 2004

** NOTICE **

RR subclasses no longer pull in parts of Net::DNS; Net::DNS is assumed
to be up and running when the subclass is compiled.  If you were using a
RR subclass directly, this may break your code.  It was never documented
that you could use them directly however, so hopefully you never did...

Fixed bug where SRV records with a priority of 0 did not function 
correctly.  CPAN #6214

Calls to various constants where using the &NAME syntax, which is not
inlined.  Changed to NAME().

Added SSHFP support. [Olaf]

CERT fixes.  [Olaf]

*** 0.47 April 1, 2004

safe_push() is back in Net::DNS::Packet, due to the excellent debate
skills of Luis E Monoz.  However, the name safe_push() is deprecated,
use the new name unique_push() instead.

Fixed a bug in Net::DNS::Nameserver which caused the class to build 
packets incorrectly in some cases. [Ask Bjorn Hansen]

Error message cleanups in Net::DNS::typesbyname()
and Net::DNS::typesbyval() [Ask Bjorn Hansen]

Net::DNS::RR::new_from_hash() now works with unknown RR types [Olaf].

*** 0.46 February 21, 2004

IPv6 reverse lookups can now be done with Net::DNS::Resolver::search(),
as well as with query().

Hostnames can now be used in the 'nameservers' argument to 

*** 0.45_01 February 9, 2004

Net::DNS now uses UDP on windows.

Removed Net::DNS::Select from the package.  IO::Select appears to work
on windows just fine.

Fixed a bug that caused MXes with a preference of 0 to function
incorrectly, reported by Dick Franks.

Net::DNS had a few problems running under taint mode, especially under
cygwin.  These issues have been fixed.  More issues with taint mode may
lay undiscovered.

Applied Matthew Darwin's patch added support for IPv6 reverse lookups to

*** 0.45 January 8, 2004

No changes from 0.44_02.

** 0.44_02 January 3, 2004

The XS detection code was broken.  We actually use the XS bits now.

Major cleanups/optimizations of the various RR subclasses.  This release
of Net::DNS is over twice as fast at parsing dns packets as 0.44.

** NOTICE **

$rr->rdatastr no longer returns '; no data' if the RR record has no
data.  This happens in $rr->string now.

Net::DNS::Packet::safe_push() no longer exists.  The method is now only 
available from Net::DNS::Update objects.

** 0.44_01 January 3, 2004

Net::DNS::RR objects were not playing nice with Storable, this caused 
the axfr demo script to fail.  Thanks to Joe Dial for the report.

** NOTICE **
This may cause RR objects that are already serialize to not deserialize

Reply handlers in Net::DNS::Nameserver are now passed the query object.

Fixed a nasty bug in related to the qr bit.  As Olaf

  Replies are sent if the query has its "qr" bit set. The "qr" bit is an
  indication that the packet is sent as a response to a query. Since
  there are more implementations that suffer from this bug one can cause
  all kinds of nasty ping-pong loops by spoofing the initial packet or
  have an infinite query loop by spoofing a query from the localhost:53

Various Win32/Cygwin cleanups from Sidney Markowitz.

*** 0.44 December 12, 2003

	The Wrath of CPAN Release. doesn't understand the nature of revision numbers.  1.10 is 
newer than 1.9; but treats them as floats.  This is bad.
All the internal version numbers in Net::DNS have been bumped to
2.100 in order to fix this.

No actual code changes in this release.

*** 0.43 December 11, 2003

Added warning of deprecation of Net::DNS::Packet::safe_push.  This will
move into Net::DNS::Update, as Net::DNS::Update is now a proper subclass
of Net::DNS::Packet.

** 0.42_02 December 11, 2003

Fixed a long standing bug with zone transfers in the "many-answers" format. 
CPAN #1903.

Added the '--online-tests' flag to Makefile.PL.  This activates the online
tests without asking the user interactively.  "--no-online-tests" turns
the tests off.  

Cleaned up Makefile.PL a little.  The "--pm" flag is now deprecated, use
"--no-xs" instead.

Added support for unknown RR types (rfc3597). Note for developers: the
typesbyname, typesbyval, classesbyname and classesbyval hashes should
not be used directly, use the same named wrapper functions
instead. [Olaf Kolkman]

Added two hashes for administrative use; they store which types are
qtypes and metatypes (rfc2929). [Olaf Kolkman]

** 0.42_01 November 30, 2003

Major work to get Net::DNS functioning properly on Cygwin by Sidney 

Fixed a bug in Net::DNS::Nameserver's error handling.  CPAN #4195

*** 0.42 October 26, 2003

Fixed compilation problems on panther (Mac OS 10.3).

Fixed a bug in Net::DNS::Resolver::Recurse which allowed an endless
loop to arise in certain situations.  (cpan #3969, patch
by Rob Brown) 

Applied Mike Mitchell's patch implementing a persistent UDP socket.  
See the Net::DNS::Resolver documentation for details.

*** 0.41 October 3, 2003

Added some documentation about modifying the behavior of Net::DNS::Resolver. 

** 0.40_01 September 26, 2003

Fixed some uninitialized value warnings when running under windows.

Fixed a bug in the test suite that caused 00-version.t to fail with
certain versions of ExtUtils::MakeMaker.   Thanks to David James, Jos 
Boumans and others for reporting it.

Reply handlers in Net::DNS::Nameserver are now passed the peerhost.
(Assen Totin <>)

Reply handlers in Net::DNS::Nameserver can now tweak the header bits
that the nameserver returns.  [Olaf]

The AD header bit is now documented, and twiddlable. [Olaf]

The change log has been trimmed, entries for versions older than 0.21
have been removed. 

** NOTICE **
Net::DNS::Resolver::axfr_old() has been removed from the package.  
An exception will be thrown if you attempt to use this method.  Use
axfr() or axfr_start() instead.

*** 0.40 September 1, 2003

Various POD tweaks.

** 0.39_02 August 28, 2003

Net-DNS-SEC updates, seems that IETF has been busy redefining DNSSEC.

Added version to all the modules in the distribution.

** 0.39_01 August 12 2003

Added a META.yaml.  The crystal ball says an upgrade to Module::Install may
be coming soon.

Changed how the versions of the various submodules were set.  The CPAN 
indexer cannot execute "$VERSION = $Net::DNS::VERSION".  The single line
with the $VERSION assignment is pulled out of the file and eval'ed; at
that time, Net::DNS is not loaded.  The submodules now pull their version 
numbers out of CVS.

*** 0.39 August 7 2003

Fixed a bug on Win32 where some machines separated lists with commas, 
not whitespace.  Thanks to Jim White for pointing it out.

** 0.38_02 July 29 2003

Reworked the POD for Net::DNS::Resolver.

When parsing resolver configuration files, IPv6 addresses are now skipped,
as Net::DNS does not yet have IPv6 support. 

** 0.38_01 Jun 22 2003

Broke Net::DNS::Resolver into separate classes.  UNIX and Win32 
classes are currently implemented.  Many of the globals in 
Net::DNS::Resolver no longer exist.  They were never documented
so you never used them.... right?
Options to Net::DNS::Resolver->new() are now supported, including
using your own configuration file.  See the Net::DNS::Resolver man
page for details.

Tweaked Net::DNS::RR::TXT to fail more gracefully when the quotes 
in the data section are not balanced.

Add more tests (of course).

Moved next_id() from to (which is where it is

Net::DNS::Select now uses $^O directly, this means that the second
argument to Net::DNS::Select::new() (the OS) is now ignored.

*** 0.38 Jun 5 2003

Various buglets fixed in the new Makefile.PL.

Use Dynaloader instead of XSLoader.  Turns out that XSLoader is only 
in more recent perls.

Added deprecation warning to Net::DNS::Resolver::axfr_old().

HP-UX fixes [cpan #2710], I don't have the name of the reporter/patcher.

*** 0.37 May 28 2003

Renamed the test C file to compile.c, test.c was confusing the 'make test'

*** 0.36 May 28 2003

Removed Rob Brown's RPM stuff.  Something odd happened in the 0.35 tarball
and at the moment I don't have the time to investigate.

*** 0.35 May 26 2003

POD fixes, added tests for POD.

*** 0.34_03 May 22 2003

Reworked Makefile.PL to try and detect if you have a working C compiler.

Added '--pm' and '--xs' command line options to Makefile.PL

Fixed linking problem on linux.

Tie::DNSHash removed from the package, see Tie::DNS from CPAN for a more
complete implementation of a DNS hash.

*** 0.34_02 May 21 2003

Net::DNS::Packet::dn_expand is now implemented using the function of the
same name from libresolv.  This method of decompressing names is around
twice as fast as the perl implementation.

Applied Jan Dubois's patch to fix nameserver lookup on Windows 2000/95/98/ME.

*** 0.34 6 Mar 2003

Applied David Carmean's patch for handling more than one string in a 
TXT RR's RDATA section.

Applied Net::DNS::Resolver::Recurse bug fixes from Rob Brown.

Added check of the answer's rcode in Net::DNS::Resolver::axfr_next().

Applied Kenneth Olving <> Windows changes.

Applied patch from Dan Sully ( allowing multiple
questions to be part of a DNS packet.

*** 0.33 8 Jan 2003

Fixed 00-load.t to skip the Net::DNS::SEC modules.  The test suite
should now pass if you have Net::DNS::SEC installed. 

Fixed the regular expression in to comply with the RFCs, turns
out we were _too_ paranoid.  [Olaf]

*** 0.32 5 Jan 2003

Various cleanups for perl 5.004.  Thanks to
([cpan #1847])

Applied Olaf's SIG patch (thanks as always).

Win32 now looks at the environment variables when building the 
configuration defaults.  Thanks to 
(That's the only name I have... [cpan #1819])

Added Rob Brown's Net::DNS::Resolver::Recurse module.

*** 0.31 17 Nov 2002

Applied Olaf's patch for an initialization bug in

Applied Rob Brown's patch for udp timeouts.

Added stuff from Rob Brown for making RPM creation easier.

Fixed a typo in FAQ.pod that was making apropos and whatis
grumpy.  Thanks to Florian Hinzmann for pointing it out and a patch.

*** 0.30 7 Nov 2002

Applied Andrew Tridgell's ( patch for TKEY support.

Added Net::DNS::Packet->safe_push() to allow for automatically
checking for duplicate RRs being pushed into a packet.  Inspired by Luis

Added more tests.

*** 0.29 2 Oct 2002

Fixed $_ from creeping out of scope in Thanks to
Ilya Martynov for finding the problem and the patch to fix it.

Fixed divide by zero bug there is no usable network interface(s).
Thanks to, misiek@pld.ORG.PL (and one other
person that I can't seem to find the address of) for reports. 

*** 0.28 20 Aug 2002

Fixed a bug in the new AUTOLOAD routines that made it impossible to set
attributes to '0'.

Fixed a bug in the RR patch that broke many updates. 

*** 0.27 15 Aug 2002

Added (untested) support for perl 5.004.

We now allow whitespace at the beginning of a RR.

Fixed an issue that gave Net::DNS::SEC problems, %Net::DNS::RR::RR is now 
in a scope that the Net::DNS::SEC hook can see it from.

Fixed SRV records.

Fixed debug message in Net::DNS::Resolver::bgread().

*** 0.26 5 Aug 2002

Fixed various bugs in the test suite.

Fixed warning in Net::DNS::RR::AUTOLOAD with perl 5.005.

Olaf Kolkman <>
Chris Reinhardt 
Michael Fuhr