4349. [contrib] kasp2policy: A python script to create a DNSSEC
policy file from an OpenDNSSEC KASP XML file.
4348. [func] dnssec-keymgr: A new python-based DNSSEC key
management utility, which reads a policy definition
file and can create or update DNSSEC keys as needed
to ensure that a zone's keys match policy, roll over
correctly on schedule, etc. Thanks to Sebastian
Castro for assistance in development. [RT #39211]
4324. [bug] When deleting records from a zone database, interior
nodes could be left empty but not deleted, damaging
search performance afterward. [RT #40997]
4300. [bug] A flag could be set in the wrong field when setting
up nonrecursive queries; this could cause the
SERVFAIL cache to cache responses it shouldn't.
New querytrace logging has been added which
identified this error. [RT #41155]
4290. [func] The timers returned by the statistics channel
(indicating current time, server boot time, and
most recent reconfiguration time) are now reported
with millisecond accuracy. [RT #40082]
4284. [bug] Some GeoIP options were incorrectly documented
using abbreviated forms which were not accepted by
named. The code has been updated to allow both
long and abbreviated forms. [RT #41381]
4269. [bug] Zones using "map" format master files currently
don't work as policy zones. This limitation has
now been documented; attempting to use such zones
in "response-policy" statements is now a
configuration error. [RT #38321]
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #4098]
4235. [func] Added support in named for "dnstap", a fast method of
capturing and logging DNS traffic, and a new command
"dnstap-read" to read a dnstap log file. Use
"configure --enable-dnstap" to enable this
feature (note that this requires libprotobuf-c
and libfstrm). See the ARM for configuration details.
Thanks to Robert Edmonds of Farsight Security.
[RT #40211]
4224. [func] Added support for "dyndb", a new interface for loading
zone data from an external database, developed by
Red Hat for the FreeIPA project.
DynDB drivers fully implement the BIND database
API, and are capable of significantly better
performance and functionality than DLZ drivers,
while taking advantage of advanced database
features not available in BIND such as multi-master
replication.
Thanks to Adam Tkac and Petr Spacek of Red Hat.
[RT #35271]
