place where the NOQNAME proof needed to be saved.
[RT #32629]
Squashed commit of the following:
commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:27:14 2013 +1100
whitespace
commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:19:51 2013 +1100
return noqname proof with +cd and dlv
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:59:46 2013 -0800
[rt32506] don't dump key if dump is unimplemented
commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 14:42:25 2013 -0800
[rt32506] make sure LRU needs adjusting before adjusting it
commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date: Tue Jan 29 12:28:28 2013 -0800
[rt32506] demonstrate bugs in tkey test
new stats that were added for 9.10 (changes 3319-3326) were not
all updated when the new statistics schema was merged (change 3418).
3484. [bug] Some statistics were incorrectly rendered in XML.
[RT #32587]
- rndc zonestatus now checks the signing time on the
signed, not raw, db when looking at inline-signing zones
3476. [bug] "rndc zonestatus" could report a spurious "not
found" error on inline-signing zones. [RT #29226]
- check for NSEC3 in empty nodes when not due to optout delegations
- fixed typo in output ("Bad record NSEC record")
- incidentally fixed an error in signzone that caused an
incorrect warning about missing DNSKEYs when using -S
and -3 together
3473. [bug] dnssec-signzone/verify could incorrectly report
an error condition due to an empty node above an
opt-out delegation lacking an NSEC3. [RT #32072]
- handle malformed answers from DLZ better:
- handle dlz_lookup errors better:
when the first lookup of a name returns an unexpected failure code,
we return it to the caller rather than continuing on to look up
the wildcard. we now only continue processing if the return from
the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND.
- improved backward-compatibility for dlz_version:
added a DLZ_DLOPEN_AGE value indicating how many versions
back from the current DLZ_DLOPEN_VERSION named will support
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
conjunction with DNS64. [RT #32141]
