2.06	minor bugfixes to simple-search mode (thanks =?gb2312?B?uai/qurN?=)

	Oliver Tschaeche points out we're missing some SOA answers.

	Steven McCoy added support for LDAP URLs.

	Chris Garrigues points out LDAPDNS couldn't make DomainKeys. This
	behavior has changed finally.

	minor bugfix to hash algorithm. i knew there was a reason I was
	getting so many collisions.

2.05	minor bugfixes

	reworked the meaning of @ and $SCHEMA=ldapdns to be more like
	LDAPDNS 3.

	fixed a potential crash due to misconfiguration.

2.04	Giacomo Cariello fixed an AXFR bug that seems to occur with a different
	version of OpenLDAP than I have.

	protect AXFR from being used with $SCHEMA=ldapdns

	LOG _was_ commented out of init scripts... now it isn't. package
	maintainers and non-djbish users can now have logging

	Jeff Clark submitted some changes to fix RELATIVE NAMES and to
	workaround the fact that openldap > 2.1.8 no longer has the
	client side cache.

	the configure script can now detect openldap 2.1.8 and greater

2.03	whoops... changed both NS reponses to ANSWER instead of swapping
	them. Thanks Andreas!

2.02	Paul Fleischer found a bug in the SOA parsing code; The code now
	works with non-GNU compilers...

	will now give NS answers even if no other answers are possible...

	fixed possible memory leak when using $SELFNS

	@ translation for nSRecord now occurs earlier and hopefully a bit
	more consistantly.

2.01	rollover into 2.01

	versioning scheme changed to make package maintainers' jobs easier

	debian packages updated (slightly)

	jd@epcnet.de added fixes to use minimum as ttl instead of refresh-time,
	SOA handling for DENIC, and a tool for converting BIND9 zones using
	dig: http://www.dolze.de/ldapdns/zone2ldif.tgz AND a fix for segfaults
	when using split-horizon wrong :)

	bugfix for AXFR; supports communication with BIND9 now...

	sOARecord can now simply be a serial number (request)

	tries to detect the difference between a version 2 and version 3
	LDAP server.

	DN_MODE_LDAPDNS was moved to 0x03 and the default is now DN_MODE_COSINE

	associatedDomain can now be used with $SCHEMA=LDAPDNS for finding the
	root of a DNS zone.

	from the mailing list, we have a new way of determining our local
	domain name... expect domainname.sh to get better...

2.00-10	minor bugfix (LOG_PERROR reverse logic)

	better detection of solaris (Jason Parsons)

	incorporated changes from jd@epcnet.de

	Giacomo Cariello suggested environment variables for DEFAULT_*
	settings. This is now done. the defaults also are more favorable
	to other national nics.


2.00-9	sorry i've been gone for so long

	initial debian support now (yay!)

	some changes to the documentation

	changes to the configure script that may help linking against a static
	OpenLDAP lib on Solaris.

	install.sh tries TRUEPREFIX if the PREFIX was empty

	Giacomo Cariello brought to my attention a problem with the *BSDish
	systems. if tm_isdst is set, then they will currently fail if the
	current timezone would yield an invalid value (instead of normalizing
	it like other operating systems do). I detect this, and a few other
	weird values from mktime() and make an effort to do the right thing
	(disabling daylight savings time). This WILL cause a problem if you
	use zone transfers on these machines when DST goes into effect. The
	real solution? Have your LDAP server run in UTC (they don't honor DST)
	and run your LDAPDNS in UTC as well. See? Problem solved!

	changes from Mariano Absatez added to get LDAPDNS to use LDAPv3-
	even if it doesn't do any version-3 related things (yet). This seems
	to me to be a bug in OpenLDAP 2.1; but PureFTPd works around it
	similarly so I see no reason not to...

	Giacomo Cariello also noticed a problem with sOARecord attributes,
	and especially problems with getting serial numbers working. this
	has been fixed. sOARecord now overrides modifyTimestamp attributes in
	the directory.

2.00-8	minor bugfixes that should work around bugs in solaris headers

	some modifications for the init-scripts so that suse's insconfig
	will work.

	syslog support now working after chroot()

2.00-7	bugfix by Ilya: additional (needed) locking

	some timing bugs that would cause lots of error messages to pop up.
	could hang ldapdns under extremely _low_ load.

	now returns NXDOMAIN by default if zonesearch fails.
	
	Ilya found a hangup; if you restart OpenLDAP on a SMP box, ldapdns
	_might_ freeze. It's been announced as fixed, and here :)

	AXFR SOA now returns the name nameserver as other SOA lookups :)

	minor fixes to DNS ordering (as per the mailing list)

2.00-6	bugfix in dns_packet_skipname()
	[i never use it... but hey :) ]

	AXFR searches use less memory now (not dependent on amount of data)

	fix to configure script searching for poll()

	bugfix in config.pl (admin scripts)

2.00-5	more AXFR bugfixes (message ordering)
	
	added response_axfr() functions (for dealing with axfr dialog)

	a few other minor bugfixes

	if you need AXFR, this is the release for you
	-- it actually works again :)

2.00-4	bugfix for AXFR (all modes)

	bugfix to engine.c (registering garbage collector)

2.00-3	bugfix for freebsd (ip4/ip6: zero out the sockaddr)

	bugfix concerning treatment of $AXFR and $ROOT/axfr not consistant
	with documentation

	workarounds for memset/bzero/memcpy/etc not being present

	malloc/free replaced with mem_alloc and mem_free that use a preallocated
	buffer like djb - but if they run out will dump the ldap cache (as a last
	ditched effort) -- whether or not this is a good idea is best left to the
	people that actually run out of memory :)

2.00-2	bugfix release

	fix to redhat spec
	fix to supervise mode (wrong pid being written)

	fix to hash table (now copies the key)
	(change to engine.c to reflect this)

2.00-1	bugfix release

	supervise mode fixed
	modifications to configure to search for pthread_kill_other_threads_np

	logging code fixed (LOG=/path/tofile and LOG=|program)

2.00	welcome to ldapdns 2.00

	new env: $DNS_THREADS and $LDAP_THREADS - this should provide faster
	response on picking up queries

	now automatically grows the number of handlers as needed; you can
	still use $HANDLERS to "preload" the number of initial handlers.

	$HANDLERS=0 means to use the default 2(l+d)
	$HANDLERS=1 _really_ means to use a special 1:1 mapping
		* this configuration works _really_ well for systems with
		poor scheduling (or perhaps just poor threads) like OpenBSD
		and FreeBSD -- it is REALLY not good at all for SMP systems
		* AXFR will _always_ use this configuration in tcpserver mode

	and with that: the interface is now stable. only bugfixes on this
	branch now.

	/var/state/ldapdns was changed to /var/lib/ldapdns

	split-horizon works again

2.00z	alterations to the message loop (lagging that only shows up under
	extremely high loads)

	various commenting fixes

	reorganized the startup proceedure

	swapped the meanings of NO_ADDITIONALS/NO_ADDITIONALS_NS (to better
	coincide with what you think they should do)

	IPV6 transport may be working now (try IP=::)
		* note, i don't have IPv6 on my own systems... it is up to YOU
		to help debug this.


2.00y	minor bugfixes to the sysvinit scripts (systems without /sbin in path)

	modifications to install.sh and ldapdns.spec supplied by 
	mark@rubberchicken.org

	better random number generation

	calculated simple searches; using foobar.mydomain.com, can find:
		dn: cn=person, o=myorg
		cn: person
		dc: foobar
		aRecord: 192.168.0.1
	(see README.search)

	more workarounds for MS-DNS

	preliminary IPV6 support - note this is for using IPV6 as a transport,
	not answering AAAA and friends. use generic records for those things
	for now... (mostly just parsing stuff)

2.00x	it's been a bumpy ride these past few versions. this stabalizes things

	minor bugfixes to DNS-name compression code

	minor bugfixes to subrequest code

	GNU-style configure script

	running out of handlers is no longer a fatal error

	threads<->handlers are now balanced via load

	we now use OpenLDAP's modifyTimestamp for a serial number. this
	makes zone transfers actually possible (and sane) using ldapdns with
	BIND secondaries

	sets the [aa] and [ad] bits like BIND (not like djbdns anymore)

	reverted to the 2.00t message loop. I removed my semaphore library.

	dns_* functions renamed tp_* for "transport"

	the INSTALL documentation is a lot less threatening :)


2.00w	we skipped 'v' because it looks silly right after 'u' :)
	but that's okay, because there's lots of silly updates

	we're getting close to the end of the 2.00 interface stabilization.
	if there's ANYTHING ELSE you think you wanted to see in the 2.00 tree,
	now is the time to bring it up.

	generic records format changes; 0xFF in photo must be escaped as 0xFF00
	this is to accomodate name compression for SRV records

	new administrative tools: add_generic_record and set_generic_record
	see the README.generic-rr for details

	can specify a non-standard port with $PORT

	preliminary NETBIOS support. set PORT to 137 and NETBIOS=1
	if you want to answer NETBIOS WINS/NBNS queries
	* note, this code depends on NS-UPDATE... until that's finished,
	* you cannot use ldapdns as a full-fledged WINS server

	works around a bug in MS-Proxy Server and MS-DNS:
		apparently MS-XXX claims SOA for all cached domains.
		it forwards all requests as ANY requests, and only caches
		this information. if an SOA isn't provided, MS-XXX will
		use it's own to "remember" that it's cached wrong.

		so now we're back to really old behavior: we `include' SOA's,
		no matter how wasteful, with every "ANY" request.

	Ilya V Kotusev rewrote the message loop again to use semaphores. This
	looks a lot cleaner.

	OpenBSD 2.9 and earlier don't have POSIX 1003.1b semaphores. there is
	a (partial) pthread-only implementation in sem.h that works well enough
	for ldapdns. If you have a better one, use -DHAVE_SEMAPHORE and it'll
	use your system-installed one.
		*Under Linux, you SHOULD use the linuxthreads semaphore library.
		You will not like what can happen if you do not.
	
	$NS or $NS1 $NS2 $NS3... can fudge up nameservers returned. This is
	useful to many people taking over control over domains that list
	different records in the root nameservers.

	$SELFNS allows you to specify a "root nameserver node" for the SOA.
	we'll see just how useful this is later on.

	nSRecord attributes can contain a single '@' which will allow them
	to be considered as roots of a zone, but emitting nameservers will
	only emit those supplied with $NS or $NS1 $NS2 $NS3...

2.00u	minor bug in engine.c -- slowed recovery slightly.

	minor bug in install.sh; doesn't get "named" 's uid properly

2.00t	built-in supervise works a little better

	added some more entries to the FAQ

	tries to restart ldap connections for more kinds of errors.

	tries to balance ldap connections to different hosts better,
	rebalances if one goes down

	Ilya V Kotusev learned more about OpenLDAP's reentrancy(sic) and
	rewrote the message loop. It should never block now.

	He also changed is to that if openldap is taking it's sweet ass
	time, we no longer send SERVFAIL -- we just stop talking.

	the makefile should work without GNU make now...

2.00s	try to avoid hanging ldapdns if stderr is missing

	the ability to disable ADDITIONAL section usage has been added.
	this could give the illusion of being able to handle more requests by
	simply forcing the client to make more. use the source. PDNS and
	Incognito DNS COMMANDER both do this. I think it's a bad idea, but
	if you want pretty benchmarks for LDAPDNS and you want to compare
	against PDNS and DNS COMMANDER, you should probably enable this
	setting (disable ADDITIONAL/SUBREQUEST)

	Address records can now be randomized with SCHEDULE_ARECORD=random

	Fixed a bug in DNS name decoding (NOTIFY and UPDATE)

	NSUPDATE support added (does everything but actually modify
	the directory... stay tuned)

	$TIMEOUT (or $TIMEOUT_TCP) will hangup on idle tcp seconnections
	(in seconds)

	$ALWAYS_HANGUP (or $ALWAYS_HANGUP_TCP) if set will always hangup after
	each TCP connection. I don't know why this is important... it may
	disappear...

	running out of handlers is now a fatal error. you are using
	supervise, aren't you? :)

	install.sh now creates a sample configuration file with RUN_UID
	and RUN_GID already set when using RPM...

	rpm builds require less fiddling now...

2.00r	added support for handling more than just "QUERY"

	rewrote logging code (removed gcc-dependant parts)
	it should now build on other compilers. can anyone verify?

	NOTIFY operation support added; runs program in $HELPER_NOTIFY

	some IXFR support added

	minor bugfix to tcp server code when using inetd/xinetd/etc

2.00q	fix potential DoS when AXFR fails
	bugfix to the RPM specfile (required openldap-server, that was wrong)

	fixes to install script

	new: sysvinit files in sysvinit/
	sample configurations in sample/

	installation documentation cleaned up some

	changes to hashtab library (minor)

	bugfix to tcpserver by Ilya V Kotusev; useful for high-latency
	connections (small TCP packets)

	started building debian install scripts. they don't work yet.

2.00p	more bugfixes to AXFR. djb's axfr-get works flawlessly now

	zone transfers now confirmed to work with named-axfr

	hashtable now supports true integers- this is to help work around a
	bug in dealing with big-endian machines; this should solve problems with
	sparc and mips architectures.

2.00o	another bugfix to AXFR differentiation

2.00n	bugfix to logging display

	bugfixes from Ilya V Kotusev help standalone AXFR work

	AXFR is now working "properly" (as per the documentation,
	and as per ldapdns-1 series)

2.00m	bugfix to transfer_zone
	bugfix to secondary_zone (making it actually useful)

	doesn't respond the name name over and over again in additional :)

	putting a '*' in the sOARecord automatically causes failure.
	this is useful for operations that resell dns-space...

	Chris Jantzen made it possible to bind anonymously, and found a
	typo in install.sh (/command instead of /commands)

	bugfix to put responses in correct sections

	client differentiation now possible for AXFR requests

2.00l	fixes to parts that tried to snoop inside bin-structs manually. this
	solves some problems on redhat boxes.

	some minor changes to the INSTALL file

2.00k	now puts the IP addresses of nameservers in the ADDITIONAL section
	
	fixed a bug where ldapdns could close it's server fd

	fixes to cond operation; the cond always caused timeouts to occur.
	things are back to normal speed now

2.00j	should not waste quite as many CPU cycles; now using pthread_cond to
	determine whether or not we've started processing a ldap connection.
	this should give better performance under lighter loads.

	added some new entries to the FAQ

	sleep-svc dropped; use $SUPERVISE to enable self-supervising mode

	some fixes to the core that saves a poll() in tcp-server mode
	when handlers are full.

	setting AXFR now possible at request-time; new switch-file "axfr"
	contains same format as "switches" except that the ascii string is
	what is used as the AXFR base (same as if $AXFR was set to it)


2.00i	three bugs found by Przemyslaw Wegrzyn that affected SOA transmission.
	two prevented the hostmaster field from being honored; the other put
	the SOA in the correct part of the query.

	syslog support integrated into ldapdns/ldapaxfr; simply set LOG=syslog
	you can disable syslog usage by removing HAVE_SYSLOG from Makefile

	syslog-svc removed (no longer needed)

	made the TCP client (ldapaxfr) actually work

	started work on standalone AXFR server. this is still experimental;
	there are some locking issues that need to be resolved.

2.00h	this release should fix problems running on RedHat 7.2 systems
	cleaned up a few (minor) things

2.00g	added a comparison chart
	new admin scripts: dhcp_names and samba_names for integrating
	ISC's DHCP and SAMBA with your nameserver

	bugfix in ldapdns-conf/ldapdns-axfr repaired
	a manifest was added

	bugfix that causes a coredump when used by some stupid resolvers
	(namely nslookup) - of course, i suppose this means that I'm stupid
	for falling for their tricks...

2.00f	a new mechanism for client differentiation has been added:
	for aRecords, you can specify the target as:
		subnet/cidr=realtarget
	which will only return this record if the client matches the listed
	subnet. this has the added benefit of not requiring any local files,
	BUT can cause problems if your network is mobile.

	fixed some message-ID reuse bugs; resolving some thread-clobbering
	bugs.

2.00e	some textual changes
	added some more entries to the FAQ (openldap bashing)
	stopped using some obsolete ldap functions
	reintegrated kerberos/sasl support
	added README.using-rpm

	put locking around use of stderr; hopefully this will improve
	log readability

	made it possible for the ldap connections to restart

	flipped this file upside down :)

2.00d	added .spec file for RPM users
	included tools to start ldapdns without daemontools
	bugfix to ldapaxfr-conf (writes correct program name now)

2.00c	ip/port now loaded in tcpserver.c
	client differentiation similar to tinydns (only for aRecord)

2.00b	new install script
	security checks on root/password
	full threading support (see faq)

2.00a	core rewrite: all djb code dropped, rereleased under GPL.
	this release adds support for pthreads for improved performance


1.09	new feature: LDAPDNS_ACCELERATE_CACHE
	see the FAQ for details

	(initial) kerberos/sasl support

1.08	transitional: bugfixes for RFC1279 support
	bugfixes to ldapaxfr when doing PTR delegation

1.07	bugfix found by mg@bindone.de - he may not have found out what the bug
	actually was doing, but the problems associated with it were still
	fixed. kudos to zen.

	small bug found by steki@verat.net in ldapaxfr.c - could be used to
	segfault it under (unusual) conditions. fixed. oddly enough, i could
	never reproduce it -- the code in that part is identical to djb's own
	axfrdns... odd...

	the one most wanted feature: real PTR records. i'm still very opposed,
	but using the environment variable "LDAP_SEEALSO" will allow ptr
	records (encoded as a distinguished name) in the seeAlso attribute
	to exist. these are NOT CHECKED: they are simply reported the same way
	the LDAP server would. note that using LDAP_SEEALSO disables the
	normal (normal for ldapdns) CNAME overloads....

1.06	better RFC 2317 support; if it's not in-addr.arpa domain, but we don't
	have the real-results in our directory, we respond CNAME anyway.

	reworked some things to help get rid of gcc compiler warnings; proper
	casting, union tricks, etc.

1.05	merging changes to 1.03 from jordan@mjh.teddy-net.com
	- new admin tool secondary_zone: like transfer_zone but reads from a
	  BIND zone file... for people that want to use ldapdns as a secondary
	  for a while...
	- PTR/CNAME extensions to support RFC 2317 -- see the FAQ
	- configuration tool fixups (change ownership of env/ROOT)
	- ldapdns supports new env: RELATIVE_NAMES that allows names found in
	  cNAME and mX (and etc) to be relative like bind...
	- can specify hostmaster now on a per-zone basis
	- can now perform anonymous binds

1.04	ldapdns can now speak to Active Directory and in-place of BIND+LDAP
	- understands dnsRecord attributes ala [RFC 1279]
	- understands dnsRecord attributes ala Microsoft-DNS

1.03	added more entries to the faq
	had ldapdns bomb out on ldap queries faster

1.02	fixed transfer_zone
	started the changelog
	and added some entries to the FAQ...

1.01	prepared admin scripts

1.00	initial release

0.99	not-released:	worked around memory leak

0.98	made CNAME's work like i want...
