4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier)
are no longer supported. [RT #45186]
4707. [func] The lightweight resolver daemon and library (lwresd
and liblwres) have been removed. [RT #45186]
4706. [func] Code implementing name server query processing has
been moved from bin/named to a new library "libns".
Functions remaining in bin/named are now prefixed
with "named_" rather than "ns_". This will make it
easier to write unit tests for name server code, or
link name server functionality into new tools.
[RT #45186]
4637. [func] "nsec3hash -r" option ("rdata order") takes arguments
in the same order as they appear in NSEC3 or
NSEC3PARAM records, so that NSEC3 parameters can
be cut and pasted from an existing record. Thanks
to Tony Finch for the contribution. [RT #45183]
4503. [cleanup] "make uninstall" now removes file installed by
BIND. (This currently excludes Python files
due to lack of support in setup.py.) [RT #42912]
4421. [func] When built with LMDB (Lightning Memory-mapped
Database), named will now use a database to store
the configuration for zones added by "rndc addzone"
instead of using a flat NZF file. This improves
performance of "rndc delzone" and "rndc modzone"
significantly. Existing NZF files will
automatically by converted to NZD databases.
To view the contents of an NZD or to roll back to
NZF format, use "named-nzd2nzf". To disable
this feature, use "configure --without-lmdb".
[RT #39837]
4235. [func] Added support in named for "dnstap", a fast method of
capturing and logging DNS traffic, and a new command
"dnstap-read" to read a dnstap log file. Use
"configure --enable-dnstap" to enable this
feature (note that this requires libprotobuf-c
and libfstrm). See the ARM for configuration details.
Thanks to Robert Edmonds of Farsight Security.
[RT #40211]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
of individual resource records. This tool is intended
to be called by provisioning systems so that the front
end does not need to be upgraded to support new DNS
record types. [RT #34778]
digest length were used incorrectly, leading to
interoperability problems with other DNS
implementations. This has been corrected.
(Note: If an oversize key is in use, and
compatibility is needed with an older release of
BIND, the new tool "isc-hmac-fixup" can convert
the key secret to a form that will work with all
versions.) [RT #20751]
