upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-15 22:09:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
42880 commits 18 branches 854 tags 440 MiB
Commit graph

625 commits

Author SHA1 Message Date
Mark Andrews
62ec9fd168 3733. [func] Improve interface scanning support. Interface 
information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
 2014-02-07 17:16:37 +11:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Mark Andrews
2bdfb330af update copyrights 2013-12-05 15:04:53 +11:00
Evan Hunt
bee9a28af0 [master] clearer "not found" message for rndc commands 
3683.	[cleanup]	Add a more detailed "not found" message to rndc
			commands which specify a zone name. [RT #35059]
 2013-12-04 12:47:56 -08:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Evan Hunt
af9f195c9e [master] add product description 
3568.	[cleanup]	Add a product description line to the version file,
			to be reported by named -v/-V. [RT #33366]
 2013-05-03 15:08:45 -07:00
Tinderbox User
313b0ea9f2 update copyright notice 2013-03-23 23:46:06 +00:00
Evan Hunt
67adc03ef8 [master] add DSCP support 
3535.	[func]		Add support for setting Differentiated Services Code
			Point (DSCP) values in named.  Most configuration
			options which take a "port" option (e.g.,
			listen-on, forwarders, also-notify, masters,
			notify-source, etc) can now also take a "dscp"
			option specifying a code point for use with
			outgoing traffic, if supported by the underlying
			OS. [RT #27596]
 2013-03-22 14:05:33 -07:00
Evan Hunt
9ffd0f0270 [master] "rndc validation check" 
3512.	[func]		"rndc validation check" reports the current status
			of DNSSEC validation. [RT #21397]
 2013-03-04 12:00:51 -08:00
Evan Hunt
4f9f8fa052 [master] add "config-time" to stats/status 
3510.	[func]		"rndc status" and XML statistics channel now report
			server start and reconfiguration times. [RT #21048]
 2013-03-01 15:07:40 -08:00
Curtis Blackburn
53a4e18582 3509. [cleanup] Added a product line to version file to allow for 
easy naming of different products (BIND
                        vs BIND ESV, for example). [RT #32755]
 2013-03-01 16:24:12 -06:00
Mark Andrews
8e5fce1f9c update copyrights 2013-03-01 10:39:29 +11:00
Evan Hunt
501941f0b6 [master] add geoip support 
3504.	[func]		Add support for ACLs based on geographic location,
			using MaxMind GeoIP databases. Based on code
			contributed by Ken Brownfield <kb@slide.com>.
			[RT #30681]
 2013-02-27 17:19:39 -08:00
Mark Andrews
609b8d0817 update copyrights 2013-02-27 12:27:58 +11:00
Mark Andrews
118bdfd8c4 3497. [func] When deleting a slave/stub zone using 'rndc delzone' 
report the files that were being used so they can
                        be cleaned up if desired. [RT #27899]

Squashed commit of the following:

commit 0e4e69d0c3153fe94aaa375b908cf7e3e45b5059
Author: Mark Andrews <marka@isc.org>
Date:   Thu Feb 21 17:01:44 2013 +1100

    report the zones to be removed rather than removing them

commit 5d247ac592eef64c4c467d99af4983b8c1ff998f
Author: Mark Andrews <marka@isc.org>
Date:   Wed Feb 20 15:05:47 2013 +1100

    remove slave/stub files when deleting a zone using delzone
 2013-02-26 14:48:21 +11:00
Evan Hunt
94315060c2 [master] RPZ speedup (phase 2, multiple RPZ's) 
3495.	[func]		Support multiple response-policy zones, while
			improving RPZ performance. [RT #32476]
 2013-02-25 12:46:51 -08:00
Evan Hunt
55e5c51e66 [master] DNS RRL 
3494.	[func]		DNS RRL: Blunt the impact of DNS reflection and
			amplification attacks by rate-limiting substantially-
			identical responses. [RT #28130]
 2013-02-25 12:45:56 -08:00
Mark Andrews
4801931443 3461. [bug] Negative responses could incorrectly have AD=1 
set. [RT #32237]
 2013-01-10 23:09:08 +11:00
Tinderbox User
49503f1d9f update copyright notice 2013-01-05 23:45:47 +00:00
Mark Andrews
25b95d31ce 3450. [bug] Stop logfileconfig system test spam system logs. 
[RT #32315]

Squashed commit of the following:

commit ad40744e2c7dc253b70857bb229def5dd194b418
Author: Mark Andrews <marka@isc.org>
Date:   Fri Jan 4 17:24:45 2013 +1100

    logfileconfig spams the system log files
 2013-01-06 07:56:10 +11:00
Mark Andrews
4786e693a7 3413. [func] Record the number of DNS64 AAAA RRsets that have been 
synthesized. [RT #27636]

Squashed commit of the following:

commit b375c287a3d95ed2eb29977d4347d845f393add7
Author: Evan Hunt <each@isc.org>
Date:   Wed Oct 24 21:28:04 2012 -0700

    [rt27636] add dns64 responses stat counter
 2012-11-01 14:23:14 +11:00
Evan Hunt
bcf966e614 [rt31494] add gitID to kit.sh generated tarballs 2012-10-22 12:56:47 -07:00
Mark Andrews
4b17401c9c add test support for dropping edns messages (-T dropedns); ignoring edns in queries (-T noedns); variable max UDP (-T maxudp=value) 2012-10-16 10:23:08 +11:00
Tinderbox User
adb113e235 update copyright notice 2012-09-29 23:46:01 +00:00
Mark Andrews
cc0a2f0283 Add undocumented '-T delay=value' to allow for simulation of remote servers 2012-09-29 13:07:09 +10:00
Mark Andrews
4118cd4276 3371. [bug] AD=1 should behave like DO=1 when deciding whether to 
add NS RRsets to the additional section or not.
                        [RT #30479]
 2012-08-31 11:20:38 +10:00
Vernon Schryver
929621dd7d undo rogue merge on bin/tests/.gitignore 
add bin/named/include/.gitignore so that `git add` and other commands
will not whine about changes in the bin/named/include/named directory
 2012-07-09 19:16:11 +00:00
Evan Hunt
d878b8d87c merged filter-aaaa-on-v6 (ATT SoW) 
3327.	[func]		Added 'filter-aaaa-on-v6' option; this is similar
			to 'filter-aaaa-on-v4' but applies to IPv6
			connections.  (Use "configure --enable-filter-aaaa"
			to enable this option.)  [RT #27308]
 2012-05-14 11:50:00 -07:00
Evan Hunt
dd2a0a6d2d Merge statistics code (ATT SoW, rt24117) 
This includes the following changes:

3326.	[func]		Added task list statistics: task model, worker
			threads, quantum, tasks running, tasks ready.
			[RT #27678]

3325.	[func]		Report cache statistics: memory use, number of
			nodes, number of hash buckets, hit and miss counts.
			[RT #27056]

3324.	[test]		Add better tests for ADB stats [RT #27057]

3323.	[func]		Report the number of buckets the resolver is using.
			[RT #27020]

3322.	[func]		Monitor the number of active TCP and UDP dispatches.
			[RT #27055]

3321.	[func]		Monitor the number of recursive fetches and the
			number of open sockets, and report these values in
			the statistics channel. [RT #27054]

3320.	[func]		Added support for monitoring of recursing client
			count. [RT #27009]

3319.	[func]		Added support for monitoring of ADB entry count and
			hash size. [RT #27057]
 2012-05-14 10:06:05 -07:00
Automatic Updater
41f1164438 update copyright notice 2012-01-31 23:47:33 +00:00
Evan Hunt
93143fd81a 3273. [bug] AAAA responses could be returned in the additional 
section even when filter-aaaa-on-v4 was in use.
                        [RT #27292]
 2012-01-31 06:58:39 +00:00
Evan Hunt
2855e27723 3271. [func] New "rndc zonestatus" command prints information 
about the specified zone. [RT #21671]
 2012-01-31 03:35:41 +00:00
Evan Hunt
5d23a6ac83 3214. [func] Add 'named -U' option to set the number of UDP 
listener threads per interface. [RT #26485]
 2011-11-09 18:44:04 +00:00
Evan Hunt
f550b4b104 3201. [func] 'rndc querylog' can now be given an on/off parameter 
instead of only being used as a toggle. [RT #18351]
 2011-11-03 23:05:31 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Mark Andrews
b1c6de5456 3177. [func] 'rndc keydone', remove the indicator record that 
named has finished signing the zone with the
                        corresponding key.  [RT #26206]
 2011-10-25 01:54:22 +00:00
Automatic Updater
0e11ca0f0b update copyright notice 2011-10-11 23:46:45 +00:00
Evan Hunt
793814f807 3164. [func] Enable DLZ modules to retrieve client information, 
so that responses can be changed depending on the
			source address of the query. [RT #25768]
 2011-10-11 00:09:03 +00:00
Evan Hunt
b2086d798b 3163. [bug] Use finer-grained locking in client.c to address 
concurrency problems with large numbers of threads.
			[RT #26044]
 2011-10-10 22:57:14 +00:00
Automatic Updater
4e68c7c87c update copyright notice 2011-08-30 23:46:53 +00:00
Mark Andrews
9198ab377b 3147. [func] Initial inline signing support. [RT #23657] 2011-08-30 05:16:15 +00:00
Evan Hunt
0127993480 3140. [func] New command "rndc flushtree <name>" clears the 
specified name from the server cache along with
			all names under it. [RT #19970]
 2011-08-02 20:36:13 +00:00
Automatic Updater
2f17ad4545 update copyright notice 2011-07-28 23:47:59 +00:00
Evan Hunt
f07b2fccaf 3137. [func] Improve hardware scalability by allowing multiple 
worker threads to process incoming UDP packets.
			This can significantly increase query throughput
			on some systems.  [RT #22992]
 2011-07-28 04:04:37 +00:00
Automatic Updater
313b4dc3b2 update copyright notice 2011-06-17 23:47:49 +00:00
Evan Hunt
e7220c9b84 3129. [bug] Named could crash on 'rndc reconfig' when 
allow-new-zones was set to yes and named ACLs
			were used, [RT #22739]
 2011-06-17 07:05:02 +00:00
Automatic Updater
6333ba02a5 update copyright notice 2011-03-21 23:47:21 +00:00
Evan Hunt
7cb226ec34 3084. [func] A new command "rndc sync" dumps pending changes in 
a dynamic zone to disk; "rndc sync -clean" also
			removes the journal file after syncing.  Also,
			"rndc freeze" no longer removes journal files.
			[RT #22473]
 2011-03-21 07:22:14 +00:00
Francis Dupont
50f64cf0e5 silent compiler warnings for DLZ exernal driver support and example 2011-03-17 09:25:54 +00:00
Automatic Updater
cf786a52ce update copyright notice 2011-03-10 23:47:50 +00:00
Evan Hunt
422009fe5b 3066. [func] The DLZ "dlopen" driver is now built by default, 
no longer requiring a configure option.  To
			disable it, use "configure --without-dlopen".
                        Driver also supported on win32.  [RT #23467]
 2011-03-10 04:36:16 +00:00
Automatic Updater
9cee5bb028 update copyright notice 2011-01-13 04:59:26 +00:00
Mark Andrews
87708bde16 3008. [func] Response policy zones (RPZ) support. [RT #21726] 2011-01-13 01:59:28 +00:00
Automatic Updater
ca103999e6 update copyright notice 2010-12-20 23:47:21 +00:00
Evan Hunt
71bd858d8e 2989. [func] Added support for writable DLZ zones. (Contributed 
by Andrew Tridgell of the Samba project.) [RT #22629]

2988.	[experimental]	Added a "dlopen" DLZ driver, allowing the creation
			of external DLZ drivers that can be loaded as
			shared objects at runtime rather than linked with
			named.  Currently this is switched on via a
			compile-time option, "configure --with-dlz-dlopen".
			Note: the syntax for configuring DLZ zones
			is likely to be refined in future releases.
			(Contributed by Andrew Tridgell of the Samba
			project.) [RT #22629]

2987.	[func]		Improve ease of configuring TKEY/GSS updates by
			adding a "tkey-gssapi-keytab" option.  If set,
			updates will be allowed with any key matching
			a principal in the specified keytab file.
			"tkey-gssapi-credential" is no longer required
			and is expected to be deprecated.  (Contributed
			by Andrew Tridgell of the Samba project.)
			[RT #22629]
 2010-12-18 01:56:23 +00:00
Mark Andrews
e334405421 2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991] 2010-12-08 02:46:17 +00:00
Automatic Updater
7041e86986 update copyright notice 2010-09-24 08:31:23 +00:00
Mark Andrews
ed83fa75f5 2963. [security] The allow-query acl was being applied instead of the 
allow-query-cache acl to cache lookups. [RT #22114]
 2010-09-24 05:09:03 +00:00
Mark Andrews
082f42dcf2 2960. [func] Check that named accepts non-authoritative answers. 
[RT #21594]
 2010-09-15 12:07:56 +00:00
Automatic Updater
f428e385a4 update copyright notice 2010-08-16 23:46:52 +00:00
Mark Andrews
c6f4972c74 2943. [func] Add support to load new keys into managed zones 
without signing immediately with "rndc loadkeys".
                        Add support to link keys with "dnssec-keygen -S"
                        and "dnssec-settime -S".  [RT #21351]
 2010-08-16 22:21:07 +00:00
Evan Hunt
86dcc40058 2930. [experimental] New "rndc addzone" and "rndc delzone" commads 
allow dynamic addition and deletion of zones.
			To enable this feature, specify a "new-zone-file"
			option at the view or options level in named.conf.
			Zone configuration information for the new zones
			will be written into that file.  To make the new
			zones persist after a restart, "include" the file
			into named.conf in the appropriate view.  (Note:
			This feature is not yet documented, and its syntax
			is expected to change.) [RT #19447]
 2010-07-11 00:12:57 +00:00
Automatic Updater
1b67d9b719 update copyright notice 2010-06-26 23:46:49 +00:00
Mark Andrews
810656a187 2925. [bug] Named failed to accept uncachable negative responses 
from insecure zones. [RT# 21555]
 2010-06-25 23:50:13 +00:00
Automatic Updater
cf309ffeee update copyright notice 2010-06-25 23:46:51 +00:00
Mark Andrews
bf13e709db 2924. [func] 'rndc secroots' dump a combined summary of the 
current managed keys combined with trusted keys.
                        [RT #20904]
 2010-06-25 03:24:05 +00:00
Automatic Updater
515c7f3c43 update copyright notice 2010-05-14 23:50:40 +00:00
Mark Andrews
778a01b1aa 2893. [bug] Improve managed keys support. New named.conf option 
managed-keys-directory. [RT #20924]
 2010-05-14 04:48:28 +00:00
Vernon Schryver
5d9922e86f Allow the optional filter-aaaa-on-v4 option in view statements to close #20635 2009-11-28 15:57:37 +00:00
Evan Hunt
c8aa7ce70d 2732. [func] Add optional filter-aaaa-on-v4 option, available 
if built with './configure --enable-filter-aaaa'.
			Filters out AAAA answers to clients connecting
			via IPv4.  (This is NOT recommended for general
			use.) [RT #20339]
 2009-10-26 23:14:54 +00:00
Automatic Updater
97639003b0 update copyright notice 2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing 
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
 2009-10-12 20:48:12 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Automatic Updater
61dd99bfae update copyright notice 2009-09-29 23:48:04 +00:00
Francis Dupont
debd489a44 noreturn RT #20257 2009-09-29 15:06:07 +00:00
Automatic Updater
3e12c54de2 update copyright notice 2009-07-14 23:47:54 +00:00
Evan Hunt
08f860f800 2630. [func] Improved syntax for DDNS autoconfiguration: use 
"update-policy local;" to switch on local DDNS in a
			zone.  [RT #19875]
 2009-07-14 22:54:57 +00:00
Mark Andrews
109580e7e5 2920. [bug] Delay thawing the zone until the reload of it has 
completed successfully.  [RT #19750]
 2009-07-02 07:39:03 +00:00
Evan Hunt
cfb1587eb9 2619. [func] Add support for RFC 5011, automatic trust anchor 
maintenance.  The new "managed-keys" statement can
			be used in place of "trusted-keys" for zones which
			support this protocol.  (Note: this syntax is
			expected to change prior to 9.7.0 final.) [RT #19248]
 2009-06-30 02:53:46 +00:00
Automatic Updater
754cb8a2b3 update copyright notice 2009-06-11 23:47:56 +00:00
Evan Hunt
351b62535d 2609. [func] Simplify the configuration of dynamic zones: 
- add ddns-confgen command to generate
			  configuration text for named.conf
			- add zone option "ddns-autoconf yes;", which
			  causes named to generate a TSIG session key
			  and allow updates to the zone using that key
			- add '-l' (localhost) option to nsupdate, which
			  causes nsupdate to connect to a locally-running
			  named process using the session key generated
			  by named
			[RT #19284]
 2009-06-10 00:27:22 +00:00
Francis Dupont
ff380b05fe comment fixes (rt19624) 2009-05-07 09:41:23 +00:00
Automatic Updater
2464bd58eb update copyright notice 2009-03-05 23:47:36 +00:00
Evan Hunt
3a30493983 2572. [func] Simplify DLV configuration, with a new option 
"dnssec-lookaside auto;"  This is the equivalent
			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
			plus setting a trusted-key for dlv.isc.org.

			Note: The trusted key is hard-coded into named,
			but is also stored in (and can be overridden
			by) $sysconfdir/bind.keys.  As the ISC DLV key
			rolls over it can be kept up to date by replacing
			the bind.keys file with a key downloaded from
			https://www.isc.org/solutions/dlv. [RT #18685]
 2009-03-04 02:42:31 +00:00
Mark Andrews
d36ba0f0ca 2570. [func] Log the destination address the query was sent to. 
[RT #19209]
 2009-03-03 01:36:17 +00:00
Tatuya JINMEI 神明達哉
d9059b0c38 2537. [func] Added more statistics counters including those on socket 
I/O events and query RTT histograms.  [RT #18802]
 2009-01-27 22:30:00 +00:00
Automatic Updater
d362465c77 update copyright notice 2009-01-17 23:47:43 +00:00
Francis Dupont
482b24c9a4 spelling 2009-01-17 11:04:25 +00:00
Automatic Updater
9e0d0a279b update copyright notice 2009-01-09 23:47:46 +00:00
Tatuya JINMEI 神明達哉
7781f25078 2526. [func] New named option "attach-cache" that allows multiple 
views to share a single cache to save memory and
			improve lookup efficiency. [RT 18905]
 2009-01-09 22:24:37 +00:00
Automatic Updater
d7845fc5ba update copyright notice 2009-01-07 23:47:47 +00:00
Tatuya JINMEI 神明達哉
609f86163a 2525. [func] New logging category "query-errors" to provide detailed 
internal information about query failures, especially
			about server failures. [RT #19027]
 2009-01-07 01:46:40 +00:00
Mark Andrews
a435080fb8 fix for windows compiler 2008-11-16 22:49:18 +00:00
Automatic Updater
7f950d7cb7 update copyright notice 2008-11-06 23:47:06 +00:00
Mark Andrews
f6f1672b4e 2486. [func] The default locations for named.pid and lwresd.pid 
are now /var/run/named/named.pid and
                        /var/run/lwresd/lwresd.pid respectively.

                        This allows the owner of the containing directory
                        to be set, for "named -u" support, and allows there
                        to be a permanent symbolic link in the path, for
                        "named -t" support.  [RT #18306]
 2008-11-06 05:30:24 +00:00
Mark Andrews
7ca0cdd7ec 2472. [port] linux: check the number of available cpu's before 
calling chroot as it depends of "/proc". [RT #16923]
 2008-10-24 01:08:21 +00:00
Tatuya JINMEI 神明達哉
eeaa2277ea 2446. [func] Add a new log message about build options on startup. 
A new command-line option '-V' for named is also
			provided to show this information. [RT# 18645]
 2008-09-23 17:25:47 +00:00
Mark Andrews
8907d8fa04 2355. [func] Extend the number statistics counters available. 
[RT #17590]
 2008-04-03 05:55:52 +00:00
Mark Andrews
db30f4bdcb 2353. [func] Add support for Name Server ID (RFC 5001). 
'dig +nsid' requests NSID from server.
                        'request-nsid yes;' causes recursive server to send
                        NSID requests to upstream servers.  Server responds
                        to NSID requests with the string configured by
                        'server-id' option.  [RT #17091]
 2008-04-03 02:01:08 +00:00
Tatuya JINMEI 神明達哉
1c3ed2a83d 2320. [func] Make statistics couters thread-safe for platforms 
that support certain atomic operations. [RT #17466]
 2008-01-24 02:00:44 +00:00
Automatic Updater
2f012d936b update copyright notice 2008-01-18 23:46:58 +00:00
Automatic Updater
2f99b54e8e update copyright notice 2008-01-17 23:47:00 +00:00
Tatuya JINMEI 神明達哉
bfcc5ae79a 2294. [func] Allow the experimental statistics channels to have 
multiple connections and ACL.
			Note: the stats-server and stats-server-v6 options
			available in the previous beta releases are replaced
			with the generic statistics-channels statment.
 2008-01-17 00:15:14 +00:00
Automatic Updater
1da14e066c update copyright notice 2008-01-02 23:47:02 +00:00
Mark Andrews
f5d0f49584 2285. [func] Test framework for client memory context management. 
[RT #17377]
 2008-01-02 05:03:07 +00:00
Mark Andrews
8c850a29ed 2280. [func] Allow the experimental http server to be reached 
over IPv6 as well as IPv4. [RT #17332]
 2007-12-14 04:01:20 +00:00
Mark Andrews
a1e2170ad5 2250. [func] New flag 'memstatistics' to state whether the 
memory statistics file should be written or not.
                        Additionally named's -m option will cause the
                        statistics file to be written. [RT #17113]
 2007-09-26 03:22:45 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Automatic Updater
858ad8db23 update copyright notice 2007-03-29 23:47:04 +00:00
Mark Andrews
819b98479e 2165. [func] Allow the destination address of a query to determine 
if we will answer the query or recurse.
                        allow-query-on, allow-recursion-on and
                        allow-query-cache-on. [RT #16291]
 2007-03-29 06:36:31 +00:00
Michael Graff
b015e6b3e1 make changes on HEAD, not on a branch. 2006-12-22 03:07:57 +00:00
Mark Andrews
148f27aee6 update copyright notice 2006-12-22 01:59:44 +00:00
Mark Andrews
186e7f37c9 2122. [func] Experimental http server and statistics support 
for named via xml.
 2006-12-21 06:03:37 +00:00
Mark Andrews
289ae548d5 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 01:54:53 +00:00
Mark Andrews
472460e05f update copyright notice 2006-06-06 00:11:42 +00:00
Mark Andrews
5d51f53483 2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. 
[RT #16075]
 2006-06-04 23:59:33 +00:00
Mark Andrews
d2ef84e07b 2008. [func] It is now posssible to enable/disable DNSSEC 
validation from rndc.  This is useful for the
                        mobile hosts where the current connection point
                        breaks DNSSEC (firewall/proxy).  [RT #15592]

                                rndc validation newstate [view]
 2006-03-09 23:39:00 +00:00
Mark Andrews
641f68d427 update copyright notice 2006-03-02 00:37:23 +00:00
Mark Andrews
45e1bd6358 1991. [cleanup] The configuration data, once read, should be treated 
as readonly.  Expand the use of const to enforce this
                        at compile time. [RT #15813]
 2006-02-28 02:39:52 +00:00
Mark Andrews
26e2a07a0b update copyright notice 2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00
Mark Andrews
6b79e960e6 1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and 
friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.
 2005-08-18 00:57:31 +00:00
Mark Andrews
261a6a1f7d 1911. [func] Attempt to make the amount of work performed in a 
iteration self tuning.  The covers nodes clean from
                        the cache per iteration, nodes written to disk when
                        rewriting a master file and nodes destroyed per
                        iteration when destroying a zone or a cache.
                        [RT #14996]
 2005-08-15 01:21:07 +00:00
Mark Andrews
8abe06b25d 1905. [bug] Recursive clients soft quota support wasn't working 
as expected. [RT #15103]
 2005-07-27 02:29:01 +00:00
Mark Andrews
fb827ed6df 9.4/HEAD sync 2005-07-18 06:03:01 +00:00
Mark Andrews
1fc4793844 1879. [func] Added framework for handling multiple EDNS versions. 
1878.   [func]          dig can now specify the EDNS version when making
                        a query.
 2005-06-07 00:16:01 +00:00
Mark Andrews
f5d30e2864 update copyright notice 2005-05-13 01:35:48 +00:00
Mark Andrews
2e740e169d further changes for 
1848.   [bug]           Improve SMF integration. [RT #13238]
 2005-04-29 00:36:16 +00:00
Mark Andrews
69fe9aaafd update copyright notice 2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
c651f15b30 1849. [doc] All forms of the man pages (docbook, man, html) should 
have consistant copyright dates.
 2005-04-07 03:50:05 +00:00
Mark Andrews
f754fa97bc 1848. [bug] Improve SMF integration. [RT #13238] 2005-04-05 00:58:16 +00:00
Mark Andrews
08097713a4 update copyright notice 2005-02-11 00:01:58 +00:00
Mark Andrews
3aca8e5bf3 1758. [func] Don't send notify messages to self. [RT #12933] 2005-02-10 05:53:43 +00:00
Mark Andrews
abeb45c775 update copyrights 2005-01-12 01:56:12 +00:00
Mark Andrews
ad5bc22a81 1797. [func] named-checkconf now check acls to verify that they 
only refer to existing acls. [RT #13101]
 2005-01-11 03:46:11 +00:00
Tatuya JINMEI 神明達哉
d0eb2cc33c 1526. [func] Implemented "additional section caching (or acache)", 
an internal cache framework for additional section
			content to improve response performance.  Several
			configuration options were provided to control the
			behavior.
 2004-12-21 10:45:20 +00:00
Mark Andrews
2a71a21346 1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY 
messages for the specified zone. [RT #9479]
 2004-10-11 05:30:20 +00:00
Mark Andrews
817a7fb62d 1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'. 2004-09-03 03:42:58 +00:00
Mark Andrews
c426fddf16 1690. [bug] Delay detaching view from the client until UPDATE 
processing completes when shutting down. [RT #11714]
 2004-07-23 02:57:27 +00:00
Mark Andrews
9f7d51ee32 1688. [bug] LDFLAGS was not supported. 2004-07-20 07:13:43 +00:00
Mark Andrews
cc32d38366 1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is 
available, and suppress wildcard binding if not.

1621.   [bug]           match-destinations did not work for IPv6 TCP queries.
                        [RT# 11156]
 2004-04-29 01:37:14 +00:00
Mark Andrews
1cf54d1966 1612. [bug] check-names at the option/view level could trigger 
an INSIST. [RT# 11116]
 2004-04-20 14:11:47 +00:00
Mark Andrews
dafcb997e3 update copyright notice 2004-03-05 05:14:21 +00:00
Mark Andrews
f8dfdef682 1564. [func] Attempt to provide a fallback entropy source to be 
used if named is running chrooted and named is unable
                        to open entropy source within the chroot area.
                        [RT #10133]
 2004-01-27 02:13:22 +00:00
Mark Andrews
35541328a8 1558. [func] New DNSSEC 'disable-algorithms'. Support entry into 
child zones for which we don't have a supported
                        algorithm.  Such child zones are treated as unsigned.

1557.   [func]          Implement missing DNSSEC tests for
                        * NOQNAME proof with wildcard answers.
                        * NOWILDARD proof with NXDOMAIN.
                        Cache and return NOQNAME with wildcard answers.
 2004-01-14 02:06:51 +00:00
Mark Andrews
62700b67eb 1539. [bug] Open UDP sockets for notify-source and transfer-source 
that use reserved ports at startup. [RT #9475]
 2004-01-05 06:56:44 +00:00
Mark Andrews
1e107b3d7b 1495. [cleanup] Replace hash functions with universal hash. 2003-07-25 02:22:26 +00:00
Mark Andrews
72ddc4cef9 1480. [bug] Provide replay protection for rndc commands. Full 
replay protection requires both rndc and named to
                        be updated.  Partial replay protection (limited
                        exposure after restart) is provided if just named
                        is updated.
 2003-07-17 06:24:44 +00:00
Mark Andrews
e2fb08b85d 1432. [func] The advertised EDNS UDP buffer size can now be set 
via named.conf (edns-udp-size).
developer: marka
reviewer: explorer
 2003-02-26 02:04:00 +00:00
Mark Andrews
838d608e6f 1422. [func] Log name/type/class when denying a query. [RT #4663] 2003-01-21 06:11:46 +00:00
Mark Andrews
9bd478a5e6 1417. [func] ID.SERVER/CHAOS is now a built in zone. 
See "server-id" for how to configure.
 2003-01-20 05:46:11 +00:00
Mark Andrews
49a940dc68 1402. [cleanup] A6 has been moved to experimental and is no longer 
fully supported.
developer: jinmei
reviewer: marka
 2002-11-27 09:52:58 +00:00
Michael Graff
43ee20a821 merge rt4112 2002-11-12 23:38:12 +00:00
Mark Andrews
a9ae9d743c 1380. [func] 'rndc recursing' dump recursing queries to 
'recursing-file = "named.recursing";'.
 2002-09-10 04:45:54 +00:00
Mark Andrews
75ace6601e 1379. [func] 'rndc stats' now reports tcp and recursion quota 
states.

1378.   [func]          Improved positive feedback for 'rndc {reload|refresh}.

1377.   [func]          dns_zone_load{new}() now reports if the zone was
                        loaded, queued for loading to up to date.

1376.   [func]          New function dns_zone_logc() to log to specified
                        category.
 2002-09-10 02:23:46 +00:00
Michael Graff
e3239b40d2 remove the periodic 'still alive' message 2002-09-09 21:20:16 +00:00
Michael Graff
e64aa1b4f2 add 15-second 'alive' messages (sent to server info channel) and support for a temporary hack, 'rndc timerpoke' 2002-09-08 18:34:04 +00:00
Mark Andrews
3bdf879a53 developer: jinmei 
reviewer: marka
1371    [bug]           notify-source-v6, transfer-source-v6 and
                        query-source-v6 with explict addresses and using the
                        same ports as named was listening on could interfere
                        with nameds ability to answer queries sent to those
                        addresses.
 2002-08-30 02:05:30 +00:00
Mark Andrews
dcd371be7d 1220. [func] Extended rndc dumpdb to support dumping of zones and 
view selection: 'dumpdb [-all|-zones|-cache] [view]'.
 2002-06-13 05:12:54 +00:00
Mark Andrews
cc4928ec71 1219. [func] New category 'update-security'. 2002-06-12 06:29:49 +00:00
Mark Andrews
93e6ebcd0a 1277. [bug] Failure to write pid-file should not be fatal on 
reload. [RT #2861]
 2002-05-03 05:28:29 +00:00
Mark Andrews
2dd99c098c 1234. [bug] 'rrset-order' and 'sortlist' should be additive 
not exclusive.

1223.   [func]          'rrset-order' partially works 'cyclic' and 'random'
                        are supported.
 2002-03-07 13:46:41 +00:00
Mark Andrews
a7038d1a05 copyrights 2002-02-20 03:35:59 +00:00
Andreas Gustafsson
6a8832f784 There are four "i":s in "initialize" 2002-02-20 01:45:15 +00:00
Brian Wellington
b2ca6fd3a8 #1187 was both unclean and broken. Fix it and clean it up. 2002-01-23 08:46:40 +00:00
Brian Wellington
cde7dfea4c 1190. [func] Add the "rndc freeze" and"rndc unfreeze" commands. 
[RT #2394]

Basically, "freeze" disables dynamic updates to a zone, syncs the journal
file into the master file, and removes the journal.  This allows manual
edits of a dynamic zone file without stopping the server, since the
zone is temporarily considered non-dynamic.  "unfreeze" re-enables dynamic
updates to a zone.

So, instead of the old:
	rndc stop
	edit master file
	remove journal
	restart server
you can now do:
	rndc freeze zone
	edit master file
	rndc reload zone
	rndc unfreeze zone
which doesn't require stopping the server.

About everyone here at the secure dynamic update workshop wanted this.
It will be documented soon.
 2002-01-22 22:05:59 +00:00
Mark Andrews
8e40433e34 1158. [func] Report the client's address when logging notify 
messages.
 2001-12-10 23:09:24 +00:00
Mark Andrews
60213f2815 1139. [func] It is now possible to flush a given name from the 
caches via 'rndc flushname name [view]'.  [RT #2051]
 2001-11-27 04:06:17 +00:00
Andreas Gustafsson
17453368fa Reimplemented the built-in CHAOS zones using sdb. 2001-11-20 01:18:15 +00:00
Andreas Gustafsson
31f6e44dca 1126. [bug] The server could access a freed event if shut 
down while a client start event was pending
                        delivery. [RT #2061]
 2001-11-14 22:00:22 +00:00
Mark Andrews
b19619260f 1069. [func] Kill oldest recursive query when recursive query 
quota is exhausted.
 2001-10-24 03:10:18 +00:00
Andreas Gustafsson
9066d09c3e Removed all code within #ifdef DNS_OPT_NEWCODES*. 
It was the last thing being sanitized out of releases; removing
it makes it possible to eliminate the sanitation process.
 2001-10-01 18:54:05 +00:00
Andreas Gustafsson
808b909f27 1014. [bug] Some queries would cause statistics counters to 
increment more than once or not at all. [RT #1321]
 2001-09-21 19:08:06 +00:00
Mark Andrews
5fe21da364 999. [func] "rndc retransfer zone [class [view]]" added. 
[RT #1752]
 2001-09-15 14:23:29 +00:00
Andreas Gustafsson
1e9efeeb22 986. [bug] 'additional-from-auth no;' did not work reliably 
in the case of queries answered from the cache.
                        [RT #1436]
 2001-09-11 01:21:39 +00:00
Mark Andrews
fe6b7ccc8d ns_os_*memstats() -> ns_main_setmemstats() 2001-09-07 00:37:02 +00:00
Andreas Gustafsson
f1eda76d36 include <named/types.h>, not <named/interfacemgr.h> 2001-09-04 19:29:24 +00:00
Danny Mayer
ad82fd0a25 named/interfacemgr.h was not being included 2001-09-01 05:17:28 +00:00
Mark Andrews
28fc90e6c8 #857 was incomplete, ISC_MAGIC was not being used everwhere it should have been. 
'magic' was not being declared consistantly.
some #include <isc/magic.h> were missing from other include files.
NS_SERVER_VALID was not using ISC_MAGIC_VALID.
 2001-08-28 03:58:29 +00:00
Andreas Gustafsson
f504adce37 duplicated CVS ID line 2001-08-09 17:21:06 +00:00
Andreas Gustafsson
76c8294c81 format string bugs and improved format string checking [RT #1578] 2001-08-08 22:54:55 +00:00
Andreas Gustafsson
5439bb1725 removed unused variable ns_g_autorndckeyfile 2001-08-08 20:37:31 +00:00
Mark Andrews
de9833be77 955. [bug] When using views, the zone's class was not being 
inherited from the view's class.  [RT #1583]
 2001-08-07 01:58:59 +00:00
Brian Wellington
3dfc806ddf fix key algorithm checks 2001-08-03 18:12:08 +00:00
Mark Andrews
326bcfa0e2 rndc.key support 2001-08-03 05:56:22 +00:00
Andreas Gustafsson
5465e5f7dd query_getzonedb() formatted the domain name and class being queried 
for at least once for every query to authoritative data, whether or not a log
message was actually printed, which adversely affected query performance
 2001-06-15 23:28:29 +00:00
David Lawrence
6cad3f112f define ns_g_autorndckeyfile 2001-05-31 10:38:56 +00:00
Brian Wellington
5455f30a75 842. [func] 'rndc flush' now takes an optional view. 2001-05-31 01:21:12 +00:00
Mark Andrews
89d03d4715 Redo: 
839.   [func]          Dump packets for which there was no view or that the
                        class could not be determined to category "unmatched".
 2001-05-28 05:17:05 +00:00
Mark Andrews
2ae4dd0dbd 839. [func] Dump packets for which there was no view or that the 
class could not be determined to file, (-e filename).
 2001-05-25 07:39:48 +00:00
Brian Wellington
e4cd5a1e5d Partial support for "rndc status". Not all of the fields are filled in yet. 2001-05-08 04:09:41 +00:00
Andreas Gustafsson
532989b206 initate command channel shutdown from the server task, not the 
main task, to avoid race conditions; eliminate global variables in
controlconf.c
 2001-05-08 03:42:34 +00:00
Andreas Gustafsson
9dafd058e3 implemented 'rndc reconfig' 2001-05-07 23:34:24 +00:00
Brian Wellington
c20ffa38de 808. [func] Add 'rndc flush' to flush the server's cache. 2001-04-11 20:37:50 +00:00
Brian Wellington
d4ef65050f copyright updates 
(note - this doesn't touch lib/bind at all.  Mark, whenever you're done with
lib/bind, make sure to do the copyright magic)
 2001-04-10 21:52:17 +00:00
Brian Wellington
badf66abe0 Remove OMAPI. 2001-03-27 00:53:58 +00:00
Brian Wellington
1b4e6163be oops, missed a few files. 2001-03-27 00:45:13 +00:00
Brian Wellington
1d92d8a245 792. [cleanup] Replace the OMAPI command channel protocol with a 
simpler one.
 2001-03-27 00:44:59 +00:00
Andreas Gustafsson
4c03e69ab8 781. [func] Avoid error packet loops by dropping duplicate FORMERR 
responses. [RT #1006]
 2001-03-19 20:52:21 +00:00
Bob Halley
02a402afe5 add response minimization if MINIMIZE_RESPONSES is defined 2001-03-14 19:33:00 +00:00
Mark Andrews
55b6243923 776. [func] Improved error reporting in denied messages. [RT #252] 2001-03-11 06:19:39 +00:00
David Lawrence
06150c8388 Include lwres/net.h to ensure definition of INADDR_LOOPBACK for lwresd.c. 
This might not be the best place for it, but seemed pretty reasonable.
 2001-03-10 06:40:29 +00:00
Brian Wellington
952a55000a Remove the 4k UDP send buffer from the client object; use an array on the 
stack instead.
 2001-03-06 01:24:40 +00:00
Brian Wellington
90c099e88e 762. [feature] named now uses the new configuration parser. 2001-03-04 21:21:39 +00:00
Andreas Gustafsson
7aff04f5d0 removed unused struct field client::disconnect 2001-02-15 23:42:54 +00:00
Andreas Gustafsson
65a66336a6 redid configuration locking using isc_task_beginexclusive() 
and isc_task_endexclusive() instead of a multitude of separate
configuration rwlocks
 2001-02-14 03:54:53 +00:00
Brian Wellington
2d1db4e2c0 Allocate events in the client structure, and use isc_socket_sendto2() 
and isc_socket_recv2() for sending and receiving packets.  In the send
case, pass the IMMEDIATE flag to avoid receiving an event on send completion
if possible.
 2001-02-12 21:45:37 +00:00
Brian Wellington
dfceef7e68 rndc trace now takes an optional level parameter. 2001-02-07 00:50:44 +00:00
Brian Wellington
9e560b59a7 726. [func] Implement the "trace" and "notrace" commands in rndc. 2001-02-06 23:57:16 +00:00
Brian Wellington
3d76b54512 Don't create a timer for every incoming query - only create it for updates, 
notifies, and recursive queries.
 2001-01-29 19:49:52 +00:00
Mark Andrews
2d0627005d 714. [bug] Preserve interval timers across reloads unless changed. 
[RT# 729]
 2001-01-29 07:08:41 +00:00
Brian Wellington
35f06ab0e6 Clients now listen on sockets instead of accepting queries from dispatchers. 
When a socket is shared by clients and query-source, the client hands off
responses to the dispatcher.
 2001-01-27 02:08:07 +00:00
Andreas Gustafsson
1d830654f5 removed bitstring avoidance code since it was only effective when 
reverse mapping the exact same name multiple times within a 10-minute
window, and the resolver's EDNS0 capability flagging achieves much of
the same effect in a much more general way
 2001-01-22 22:29:04 +00:00
Brian Wellington
499b34cea0 copyright update 2001-01-09 22:01:04 +00:00
Andreas Gustafsson
576f85e5fd 673. [func] The server can now convert RFC1886-style recursive 
lookup requests into RFC2874-style lookups, when
                        enabled using the new option "allow-v6-synthesis".
 2001-01-09 18:26:01 +00:00
Andreas Gustafsson
b23f160d5b simplified handling of the query type, removing the final 
vestiges of support for multiple queries per packet, in preparation
for AAAA synthesis code which needs to know the query type earlier
than it was previously available
 2001-01-07 22:06:14 +00:00
Brian Wellington
58082ab8a8 The "cachefile" option now loads the file on startup. The "temporary" -x 
option to named is no more.
 2000-12-12 23:05:59 +00:00
Brian Wellington
8b6293c6ca oops, forgot to add "dumpdb" 2000-12-12 23:03:16 +00:00
Brian Wellington
eb8713ed94 Add support for the 'rndc dumpdb' command. Also add the 'cachefile' 
option to the config file, which will be used for persistent cache
storage.
 2000-12-12 21:33:21 +00:00
Andreas Gustafsson
294ae26fb3 more DNS_OPT_NEWCODES sanitation 2000-12-02 04:30:08 +00:00
Andreas Gustafsson
ce1f5b8d0a rewrote much of the statistics counter code 2000-12-01 23:49:59 +00:00
Andreas Gustafsson
f41a25ce77 document the fact that ns_client_sendraw() signals 
the end of request processing
 2000-12-01 21:30:20 +00:00
Andreas Gustafsson
984ca288f1 rewrote Mike's code for reloading of individual zones completely, 
thereby eliminating a large number of bugs including a buffer overflow
 2000-11-30 19:38:04 +00:00
Andreas Gustafsson
d3be9a9c6e 583. [func] "rndc querylog" will now toggle logging of 
queries, like "ndc querylog" in BIND 8.
 2000-11-30 00:25:49 +00:00
Andreas Gustafsson
9259fed3d8 Continue move of lib/dns/*conf.c stuff to bin/named 2000-11-27 19:42:38 +00:00
Andreas Gustafsson
86a4d80e06 565. [func] Log queries more like BIND 8: query logging is now 
done to category queries, level info. [RT #169]
 2000-11-23 01:32:48 +00:00
Brian Wellington
dd16d9d9e7 564. [func] Add sortlist support to lwresd. 2000-11-15 23:56:23 +00:00
Andreas Gustafsson
eb23b7b590 eliminated compiler warnings; 
renamed setup_sortlist() to ns_sortlist_setup() to conform
to naming conventions
 2000-11-15 18:12:38 +00:00
Andreas Gustafsson
6f191af6ac document NULL returns from ns_sortlist_byaddrsetup() 2000-11-15 02:47:29 +00:00
David Lawrence
2c02438f84 save the initial values of the resource limits for datasize, stacksize, 
coresize, and open files
 2000-11-14 23:59:21 +00:00
Andreas Gustafsson
221fd7bd53 refactored sortlist code to make it possible to sort addresses 
that are not part of an rdata, as required by lwresd
 2000-11-14 03:22:53 +00:00
Brian Wellington
78d78f05d9 556. [func] The DNSSEC OK bit in the EDNS extended flags 
is now implemented.  Responses to queries without
                        this bit set will not contain any DNSSEC records.
 2000-11-13 21:34:03 +00:00
Michael Sawyer
31eef7e2d4 Use lowercase names for stats 
statistic printing code cleanup
move some of the statistics stufdf to the server object
 2000-11-09 19:55:20 +00:00
Michael Sawyer
39e672d653 Change rndc command from "dump-statistics" to "stats," to match ARM. 2000-11-08 19:02:56 +00:00
Michael Sawyer
a3a11c4f3f Add the ability (via rndc dump-statistics) to dump a file with counters of 
various results given to queries.  Enable the (previously disabled)
statistics-file config option.
 2000-11-07 23:49:42 +00:00
Mark Andrews
0fc89c4ee6 540. [func] Add dialup support. 2000-11-03 07:16:09 +00:00
Brian Wellington
e21d199dca 539. [func] Support the blackhole option. 2000-11-03 02:45:55 +00:00
Brian Wellington
9ce9834a57 server side of getrrsetbyname() 2000-11-02 01:53:25 +00:00
Brian Wellington
4587a7c3df lwresd should only try to load /etc/resolv.conf if the -c option was not 
specified.
 2000-11-01 20:59:22 +00:00
Brian Wellington
783055c0a6 Big lwresd restructuring. The code is a lot more modular now (the lwresd 
structure containing search path, view, etc. is split from the listener
object), and should work correctly on reload.
 2000-10-31 22:39:30 +00:00
Brian Wellington
686026894b getaddrbyname now does search path processing in the server. 2000-10-28 00:35:57 +00:00
Brian Wellington
eb716d8c2e added a new variable to the searchctx 2000-10-28 00:09:46 +00:00
Brian Wellington
dadd8860bb Support for the search and ndots config options in lwresd. 2000-10-24 04:27:25 +00:00
Brian Wellington
38379c5c5e lwresd search list stuff. This isn't used by getaddrbyname yet, but 
it's used by the uncommitted getrrsetbyname.
 2000-10-24 04:25:16 +00:00
Brian Wellington
0df9b6e53b The lwresd -C option had a few problems. 2000-10-13 22:35:46 +00:00