3.5
=====
[1] Crash triggered by zone_refresh with broken connection to LDAP was fixed.

[2] Code was changed to not trigger false positives in Clang static analyzer.

[3] Persistent search is enabled by default.

[4] Options cache_ttl, psearch and zone_refresh were formally deprecated.

3.4
=====
[1] Crash during BIND shutdown caused by race condition in update processing
    was fixed.

3.3
=====
[1] Crash triggered by missing sasl_user parameter was fixed.

[2] IPv6 handling in PTR record synchronization was fixed.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/118

[3] Authentication settings are validated more strictly.
    Conflicting options are reported and prevent named from starting.

[4] Automatic empty zones defined in RFC 6303 are automatically unloaded
    if conflicting master or forward zone is defined in LDAP.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/119

[5] Configuration without persistent search is now deprecated
    and informational message is logged. Support for zone_refresh
    will be removed in 4.x release.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/120

3.2
=====
[1] An error in dynamic update/transfer/query policy is interpreted as
    most restrictive policy, i.e. nobody is allowed to update/transfer/query
    the zone.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/116

[2] Attempts to update zones with idnsAllowDynUpdate == FALSE are logged.

[3] TTL values > 2^31-1 are interpreted as 0.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/117

[4] All RR types supported by BIND are automatically supported by plugin.
    From now it is enough to add new attribute type to LDAP schema,
    no recompilation is required.

[5] PTR record synchronization deletes only PTR records, but no other records
    (e.g. TXT) under names in the reverse zone.

[6] Various improvements related to logging (dynamic updates, PTR record
    synchronization, LDAP error handling).

3.1
=====
[1] Crash caused by zone deletion introduced by 
    https://fedorahosted.org/bind-dyndb-ldap/ticket/99
    was fixed.

3.0
=====
[1] DNAME records are supported. DNAME attribute was changed to single-valued.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/63

[2] Master and forward zones now have separate object classes:
    idnsZone and idnsForwardZone. idnsForward* attributes in idnsZone object
    class will have old semantics for some time.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/99

[3] Settings system was heavily refactored. From now, unknown options in
    configuration file cause error. DNS dynamic updates should create
    slightly lower load on LDAP server because of settings 'cache'.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/53
    https://fedorahosted.org/bind-dyndb-ldap/ticket/81

[4] Deadlock triggered by PTR record synchronization was fixed.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/113

2.6
=====
[1] Invalid zones are automatically reloaded after each change in zone data.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/102

[2] Plugin periodically reconnects when KDC is unavailable.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/100

[3] Invalid wildcard name in update-policy no longer crashes BIND.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/108

[4] Crash caused by idnsAllowSyncPTR attribute in global configuration object
    in LDAP was fixed.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/110

[5] Crash caused by invalid query/transfer policy was fixed.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/109

[6] Crash caused by 'zonesub' match-type in update ACL was fixed.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/111

[7] Support for update-policy match type 'external' was added.

[8] Various improvements related to logging.

2.5
=====
[1] Fix crash during per-zone cache flush.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/107

2.4
=====
[1] Missing SOA serial number in zone object is treated as 1.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/103

[2] Each zone has separate record cache. It should prevent problems
    during record rename.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/91

[3] False warning 'zone serial (2012060301) unchanged' should not pop-up.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/79

[4] New option 'verbose_checks yes' enables more verbose logging.

[5] Various error handling and logging improvements.
    All bugs reported by Clang static analyzer were fixed.

[6] Dead code cleanup.

2.3
======
[1] Global forwarders from named.conf were ignored.

[2] Master zone is now unloaded if idnsForwaders attribute is set at run-time.

[3] Internal record cache is flushed after any change in forwarders.

2.2
======
[1] Compatibility with BIND 9.8 was restored.

2.1
======
[1] Forward policy "none" was introduced.

[2] Internal record cache is flushed properly on new forward zone load.

[3] Forwarding will be disabled after deleting associated forward zone.

2.0
======
[1] SOA serial number can be incremented automatically after each change
    in LDAP database. (Configuration option "serial_autoincrement".)

[2] It was possible to DoS named service via quiery which contained
    $ character. CVE-2012-3429 was fixed.

[3] DNS Dynamic Update returns codes NOTAUTH and REFUSED properly.

[4] BIND doesn't refuse to start if initial connection times out.

[5] Object renaming (LDAP moddn) in persistent mode is handled properly.

[6] Internal record cache is flushed properly after reconnection
    to the LDAP server (in configurations with persistent search).

[7] Simple time-based deadlock detection code was added. Error message
    is printed after 10*(timeout) seconds.
    Some deadlocks in various situations with low connection count were fixed.

[8] Libdns interface version >= 90 is supported properly.

[9] Zone transfers were fixed. Records with non-FQDNs are handled properly.

[10] Logging was improved.

[11] Memory leaks in dynamic update, persistent search, ldap_query
     and configurations with multiple plugin instances were fixed.

[12] Version numbering format changed to: [features].[bugfixes]

[13] Many other bugfixes

1.1.0rc1
======

[1] It was possible to DoS named service via query which contained non-alphabet
character. (CVE-2012-2134)

[2] The plugin wrote ambiguous "zone has been removed" messages to the log.

[3] The plugin failed to return A/AAAA delegation glue records.

[4] Fixes for memory leaks in code which handles Kerberos authentication.

1.1.0b2
======

[1] The plugin could incorrectly updated SOA record fields.

[2] The plugin could crashed on shutdown/reload when no zones in LDAP are
present.

[3] When using psearch, plugin could hung on shutdown/reload when connection to
LDAP was lost.

1.1.0b1
======

[1] Add support for IPv6 elements in idnsForwarders attribute
and make syntax compatible with BIND9 forwarders.

[2] Fix bug which caused named to crash during reload when failed to make a
connection to LDAP.

[3] Plugin is now able to fetch certain configuration options from LDAP. Check
README for more information.

[4] Many other bugfixes.

1.1.0a2
======

[1] Fix some errors reported by Coverity tool.

[2] Persistent search didn't propagate added/modified RRs to cache.

[3] DNS delegation now works fine.

[4] Relative domain names in resource records weren't expanded correctly
when psearch was used.

[5] The plugin could crash when LDAP contained DNS name with no data.

[6] Reworked idnsAllowQuery and idnsAllowTransfer support. We now 100% follow
BIND9 syntax.

[7] Fixed various bugs in code which synchronizes A/AAAA and it's PTR records.

1.1.0a1
======

[1] The plugin now skips only invalid record instead of the whole DN
when DN contains multiple records and one is invalid.

[2] New option "sync_ptr". When set to "yes" the plugin automatically
updates corresponding PTR records when A/AAAA update is received.
Zone must not have "idnsAllowDynUpdate" set to "no".

[3] New zone attribute idnsAllowSyncPTR which allows to enable PTR
synchronization per-zone.

[4] New idnsForwarders and idnsForwardPolicy attributes. You can set per-domain
forwarding with those options. See BIND 9 Administrator reference manual,
description of "forwarders", forward zones and "forward" options for details.

[5] Added support for zone transfers. Only AXFR is supported now.

[6] The plugin now periodically reconnects to LDAP when the first connection
attempt fails.

[7] New object class idnsConfigObject can be used to store plugin configuration
in LDAP. Only idnsForwarders option is currently supported. In future it's
planned to allow to store every bind-dyndb-ldap option valid in named.conf to be
stored in LDAP.

[8] Persistent search feature was extended to resource records.

[9] Many bugfixes, see git log for details.

1.0.0rc1
=======

[1] When connection to the LDAP was lost, the plugin didn't call the ldap_bind
during reconnection.

[2] Added new option "ldap_hostname" which allows to set LDAP server hostname
when it is different from actual /bin/hostname. This option sets the
LDAP_OPT_HOST_NAME option.

1.0.0b1
======

[1] Added new boolean option called "psearch". When this option is set to "yes"
then plugin will use advantage of psearch
(http://tools.ietf.org/id/draft-ietf-ldapext-psearch-03.txt) to immediately
fetch new/modified/deleted zones from LDAP database. Note that the LDAP server
has to support the psearch as well.

[2] The plugin failed to set update ACLs for zones correctly.

[3] The FreeIPA CLI could have created update-policy attributes which contained
FQDNs ending with double-dot. Added a workaround to parse such crippled FQDNs.

[4] Race condition in semaphore_wait() could have caused server to hang.

[5] Major changes in the plugin code to make it more maintainable and readable.
