Evan Hunt
4e8fe357a6
create and use multiple fetch dispatches
...
Added API to create a set of UDP dispatches which can be shared
round-robin style when making upstream queries for authoritative
data; this should reduce lock contention in the query source
dispatch.
2012-04-27 16:11:30 -07:00
Tinderbox User
776833c82e
update copyright notice
2012-04-12 23:45:51 +00:00
Mark Andrews
4f3a3fc43c
3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
...
[RT #28956 ]
2012-04-13 08:32:37 +10:00
Mark Andrews
a280469e72
3307. [bug] Add missing ISC_LANG_ENDDECLS to <dns/tsec.h>. [RT #28956 ]
2012-04-12 19:11:50 +10:00
Tinderbox User
3fb95bfcb2
update copyright notice
2012-04-11 23:45:52 +00:00
Mark Andrews
75582adac7
3306. [bug] Improve DNS64 reverse zone performance. [RT #28563 ]
...
3305. [func] Add wire format lookup method to sdb. [RT #28563 ]
2012-04-11 12:17:57 +10:00
Tinderbox User
5fa46bc916
update copyright notice
2012-03-10 23:45:53 +00:00
Evan Hunt
b48c55093b
Merge branch 'master' of ssh://repo/proj/git/prod/bind9
2012-03-07 08:18:26 -08:00
Evan Hunt
207845805e
set $Id$
2012-03-07 08:18:20 -08:00
Mark Andrews
4c1847ef47
set $Id$
2012-03-07 22:17:19 +11:00
Mark Andrews
2669638693
set $Id$
2012-03-07 22:13:11 +11:00
Evan Hunt
2d7f41d66c
Revert "Re-created rt27597a for ongoing DLZ work"
...
This reverts commit d731ee9121
2012-03-05 15:42:52 -08:00
Evan Hunt
d731ee9121
Re-created rt27597a for ongoing DLZ work
2012-03-05 14:45:30 -08:00
Evan Hunt
632c0f1e91
Revert accidental merge of unfinished DLZ work
2012-03-05 14:44:21 -08:00
Mark Andrews
e214e8728a
Merge branches 'rt28261' and 'rt27597' of repo.isc.org:/proj/git/prod/bind9
2012-03-06 00:16:04 +11:00
Mark Andrews
2eae3ad06e
Merge remote-tracking branch 'origin/rt28040'
2012-03-05 12:49:28 +11:00
Evan Hunt
e41d5a00bc
added gitignore, removed cvsignore
2012-03-03 23:10:05 -08:00
Evan Hunt
954501715d
checkpoint: multiple-DLZ functionality
...
- multiple DLZ's can be specified, including multiple DLZ's using
the same driver; e.g., two different back-ends both loaded by the
dlopen driver
- new "search" option can be specified in a DLZ indicating whether
this DLZ database should be searched for unknown zones. The
default is "yes". If "no", then the zone can only be found by
named if it's registered in the zone table, which happens if the
zone is configured for dynamic updates, or if "dlz <dlzname>" is
specified in the zone statement. (The latter functionality is
incomplete in this commit).
2012-03-03 22:43:38 -08:00
Mark Andrews
8a4689070a
dns_message_logpacket
2012-02-22 05:03:39 +00:00
Evan Hunt
89069e6b3a
3286. [bug] Managed key maintenance timer could fail to start
...
after 'rndc reconfig'. [RT #26786 ]
2012-02-22 00:37:54 +00:00
Mark Andrews
1769b07530
fix memory overun in dns_zone_getincludes, allocated array too small (zero).
...
fix possible memory overrun in dns_zone_getincludes
fix inconsistent mxtc use in ns_server_zonestatus
fix missing out of memory errors checks in zone_registerinclude
fix possible use after free issues zone_registerinclude/ns_server_zonestatus
2012-02-01 21:28:39 +00:00
Automatic Updater
41f1164438
update copyright notice
2012-01-31 23:47:33 +00:00
Evan Hunt
2855e27723
3271. [func] New "rndc zonestatus" command prints information
...
about the specified zone. [RT #21671 ]
2012-01-31 03:35:41 +00:00
Automatic Updater
80c7083796
update copyright notice
2012-01-27 23:46:59 +00:00
Mark Andrews
bc298cd0f7
3268. [bug] Convert RRSIG expiry times to 64 timestamps to work
...
out the earliest expiry time. [RT #23311 ]
2012-01-27 01:43:53 +00:00
Automatic Updater
ee2129ee66
update copyright notice
2012-01-25 23:46:49 +00:00
Mark Andrews
18d208a4a2
3265. [bug] Address lock order reversal with inline-signing
...
support. [27557]
2012-01-25 02:46:53 +00:00
Evan Hunt
f30785f506
3252. [bug] When master zones using inline-signing were
...
updated while the server was offline, the source
zone could fall out of sync with the signed
copy. They can now resynchronize. [RT #26676 ]
2011-12-22 07:32:41 +00:00
Automatic Updater
339d2a4d4b
update copyright notice
2011-12-09 23:47:05 +00:00
Automatic Updater
b54ac42f19
update copyright notice
2011-12-08 23:46:49 +00:00
Evan Hunt
b4d8192d21
3241. [func] Extended the header of raw-format master files to
...
include the serial number of the zone from which
they were generated, if different (as in the case
of inline-signing zones). This is to be used in
inline-signing zones, to track changes between the
unsigned and signed versions of the zone, which may
have different serial numbers.
(Note: raw zonefiles generated by this version of
BIND are no longer compatble with prior versions.
To generate a backward-compatible raw zonefile
using dnssec-signzone or named-compilezone, specify
output format "raw=0" instead of simply "raw".)
[RT #26587 ]
2011-12-08 16:07:22 +00:00
Automatic Updater
806956b43b
update copyright notice
2011-12-05 23:46:35 +00:00
Evan Hunt
4122abdc3c
Back out changes #3182 and #3202
2011-12-05 17:10:51 +00:00
Mark Andrews
de52784e45
3235. [func] dns_db_diffx, a extended dns_db_diff which returns
...
the generated diff and optionally writes it to a
journal. [RT #26386 ]
2011-12-04 23:48:12 +00:00
Mark Andrews
91ed1cc821
3222. [cleanup] Replace dns_journal_{get,set}_bitws with
...
dns_journal_{get,set}_sourceserial. [RT #26634 ]
2011-11-28 03:14:59 +00:00
Mark Andrews
2256c13194
--- 9.9.0b2 released ---
...
3219. [bug] Disable NOEDNS caching following a timeout.
2011-11-16 22:18:53 +00:00
Evan Hunt
c79bcf09bf
Add clientinfo.h to HEADERS. [RT #26558 ]
...
No CHANGES note.
2011-11-14 18:32:34 +00:00
Evan Hunt
90a354ab36
3204. [bug] When a master server that has been marked as
...
unreachable but sends a NOTIFY, mark it reachable
again. [RT #25960 ]
2011-11-04 05:51:02 +00:00
Mark Andrews
a5166d5fce
3202. [bug] NOEDNS caching on timeout was too agressive.
...
[RT #26416 ]
2011-11-04 03:38:44 +00:00
Evan Hunt
8281fd83da
3193. [cleanup] Changed MAXZONEKEYS to DNS_MAXZONEKEYS, moved to
...
dnssec.h. [RT #26415 ]
2011-11-03 02:54:47 +00:00
Automatic Updater
89d1324270
update copyright notice
2011-11-01 23:47:00 +00:00
Evan Hunt
5caf26b168
3188. [bug] zone.c:zone_refreshkeys() could fail to detach
...
references correctly when errors occurred, causing
a hang on shutdown. [RT #26372 ]
2011-11-01 04:00:45 +00:00
Automatic Updater
98a7e53914
update copyright notice
2011-10-28 12:20:31 +00:00
Mark Andrews
7b4b6f361b
3186. [bug] Version/db mis-match in rpz code. [RT #26180 ]
2011-10-28 11:46:50 +00:00
Evan Hunt
9c03f13e18
3185. [func] New 'rndc signing' option for auto-dnssec zones:
...
- 'rndc signing -list' displays the current
state of signing operations
- 'rndc signing -clear' clears the signing state
records for keys that have fully signed the zone
- 'rndc signing -nsec3param' sets the NSEC3
parameters for the zone
The 'rndc keydone' syntax is removed. [RT #23729 ]
2011-10-28 06:20:07 +00:00
Automatic Updater
96f5a19c12
update copyright notice
2011-10-27 23:46:31 +00:00
Scott Mann
b91b288f92
fix edns0 retry issues (rt #23393/24964).
2011-10-27 20:18:42 +00:00
Mark Andrews
b1c6de5456
3177. [func] 'rndc keydone', remove the indicator record that
...
named has finished signing the zone with the
corresponding key. [RT #26206 ]
2011-10-25 01:54:22 +00:00
Mark Andrews
1946c596b4
3174. [bug] Always compute to revoked key tag from scratch.
...
[RT #24711 ]
2011-10-20 21:20:02 +00:00
Automatic Updater
304a539c59
update copyright notice
2011-10-13 22:48:24 +00:00
Vernon Schryver
9fee08f655
Commit rt25172 changes to HEAD including
...
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
- same fix for "NS ." as in RT 24985
2011-10-13 01:32:34 +00:00
Automatic Updater
0e11ca0f0b
update copyright notice
2011-10-11 23:46:45 +00:00
Evan Hunt
793814f807
3164. [func] Enable DLZ modules to retrieve client information,
...
so that responses can be changed depending on the
source address of the query. [RT #25768 ]
2011-10-11 00:09:03 +00:00
Scott Mann
fad5116b3d
Remove the ixfr-from-differences side-effect which causes an AXFR and extend
...
request-ixfr to the zone level.
2011-09-06 22:29:33 +00:00
Automatic Updater
ca894e53b5
update copyright notice
2011-09-02 23:46:33 +00:00
Evan Hunt
8a2ab2b920
3150. [func] Improved startup and reconfiguration time by
...
enabling zones to load in multiple threads. [RT #25333 ]
2011-09-02 21:15:39 +00:00
Automatic Updater
4e68c7c87c
update copyright notice
2011-08-30 23:46:53 +00:00
Mark Andrews
49f385a7ad
include dns/diff.h
2011-08-30 13:02:39 +00:00
Mark Andrews
9198ab377b
3147. [func] Initial inline signing support. [RT #23657 ]
2011-08-30 05:16:15 +00:00
Automatic Updater
adbc177194
update copyright notice
2011-08-02 23:47:52 +00:00
Evan Hunt
0127993480
3140. [func] New command "rndc flushtree <name>" clears the
...
specified name from the server cache along with
all names under it. [RT #19970 ]
2011-08-02 20:36:13 +00:00
Automatic Updater
2f17ad4545
update copyright notice
2011-07-28 23:47:59 +00:00
Evan Hunt
f07b2fccaf
3137. [func] Improve hardware scalability by allowing multiple
...
worker threads to process incoming UDP packets.
This can significantly increase query throughput
on some systems. [RT #22992 ]
2011-07-28 04:04:37 +00:00
Evan Hunt
42cf2ff7ba
3131. [func] Improve scalability by allocating one zone task
...
per 100 zones at startup time, rather than using a
fixed-size task table. [RT #24406 ]
2011-07-06 01:36:32 +00:00
Automatic Updater
122230159d
update copyright notice
2011-07-01 23:47:44 +00:00
Mark Andrews
a69070d8fa
3130. [func] Support alternate methods for managing a dynamic
...
zone's serial number. Two methods are currently
defined using serial-update-method, "increment"
(default) and "unixtime". [RT #23849 ]
2011-07-01 02:25:48 +00:00
Automatic Updater
313b4dc3b2
update copyright notice
2011-06-17 23:47:49 +00:00
Evan Hunt
e7220c9b84
3129. [bug] Named could crash on 'rndc reconfig' when
...
allow-new-zones was set to yes and named ACLs
were used, [RT #22739 ]
2011-06-17 07:05:02 +00:00
Automatic Updater
0f467ed4d4
update copyright notice
2011-06-10 23:47:32 +00:00
Evan Hunt
79ce3a9e82
3128. [func] Inserting an NSEC3PARAM via dynamic update in an
...
auto-dnssec zone that has not been signed yet
will cause it to be signed with the specified NSEC3
parameters when keys are activated. The
NSEC3PARAM record will not appear in the zone until
it is signed, but the parameters will be stored.
[RT #23684 ]
2011-06-10 01:51:09 +00:00
Evan Hunt
6de9744cf9
3124. [bug] Use an rdataset attribute flag to indicate
...
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777 ]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777 ]
2011-06-08 22:13:51 +00:00
Automatic Updater
6406d6507a
update copyright notice
2011-05-26 23:47:28 +00:00
Mark Andrews
4100ae5109
move dns_trust_totext from masterdump.c to rdataset.c so that exportlib will build
2011-05-26 07:56:39 +00:00
Evan Hunt
bfe32d08c5
3116. [func] New 'dnssec-update-mode' option controls updates
...
of DNSSEC records in signed dynamic zones. Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533 ]
2011-05-23 20:10:03 +00:00
Scott Mann
a50ce0f80b
Fix for RT #23136 task 1.
2011-05-19 00:31:57 +00:00
Automatic Updater
40717638fa
update copyright notice
2011-05-06 23:47:29 +00:00
Evan Hunt
ac21f918f2
3109. [func] The also-notify option now uses the same syntax
...
as a zone's masters clause. This means it is
now possible to specify a TSIG key to use when
sending notifies to a given server, or to include
an explicit named masters list in an also-notfiy
statement. [RT #23508 ]
2011-05-06 21:23:51 +00:00
Evan Hunt
485522d7e1
3108. [cleanup] dnssec-signzone: Clarified some error and
...
warning messages; removed #ifdef ALLOW_KSKLESS_ZONES
code (use -P instead). [RT #20852 ]
3107. [bug] dnssec-signzone: Report the correct number of ZSKs
when using -x. [RT #20852 ]
2011-05-06 21:08:33 +00:00
Evan Hunt
39f2d1a96a
3102. [func] New 'dnssec-loadkeys-interval' option configures
...
how often, in minutes, to check the key repository
for updates when using automatic key maintenance.
Default is every 60 minutes (formerly hard-coded
to 12 hours). [RT #23744 ]
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744 ]
2011-04-29 21:37:15 +00:00
Evan Hunt
0994d3a21b
3087. [bug] DDNS updates using SIG(0) with update-policy match
...
type "external" could cause a crash. [RT #23735 ]
2011-03-21 19:54:03 +00:00
Evan Hunt
1063914c30
Fixed some problems from change #3084 that turned up after committing it;
...
"freeze" and "thaw" weren't working quite right when used without a
specific zone name.
2011-03-21 18:38:40 +00:00
Evan Hunt
7cb226ec34
3084. [func] A new command "rndc sync" dumps pending changes in
...
a dynamic zone to disk; "rndc sync -clean" also
removes the journal file after syncing. Also,
"rndc freeze" no longer removes journal files.
[RT #22473 ]
2011-03-21 07:22:14 +00:00
Mark Andrews
b76715a02f
Use UINT_MAX to initialise split_width (unsigned int) instead of -1.
2011-03-20 02:31:54 +00:00
Automatic Updater
207cee019e
update copyright notice
2011-03-17 23:47:30 +00:00
Francis Dupont
50f64cf0e5
silent compiler warnings for DLZ exernal driver support and example
2011-03-17 09:25:54 +00:00
Evan Hunt
61bcc23203
3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
...
dnssec-keyfromlabel sets the default TTL of the
key. When possible, automatic signing will use that
TTL when the key is published. [RT #23304 ]
2011-03-17 01:40:40 +00:00
Automatic Updater
0e27506ce3
update copyright notice
2011-03-05 23:52:31 +00:00
Evan Hunt
9a859983d7
3062. [func] Made several changes to enhance human readability
...
of DNSSEC data in dig output and in generated
zone files:
- DNSKEY record comments are more verbose, no
longer used in multiline mode only
- multiline RRSIG records reformatted
- multiline output mode for NSEC3PARAM records
- "dig +norrcomments" suppresses DNSKEY comments
- "dig +split=X" breaks hex/base64 records into
fields of width X; "dig +nosplit" disables this.
[RT #22820 ]
2011-03-05 19:39:07 +00:00
Automatic Updater
7d9d170dbb
update copyright notice
2011-03-03 23:47:32 +00:00
Evan Hunt
70c7f4fb4f
3053. [bug] Under a sustained high query load with a finite
...
max-cache-size, it was possible for cache memory
to be exhausted and not recovered. [RT #23371 ]
2011-03-03 04:42:25 +00:00
Automatic Updater
c8175ece69
update copyright notice
2011-03-01 23:48:07 +00:00
Mark Andrews
0e507dbb81
2039. [func] Redirect on NXDOMAIN support. [RT #23146 ]
2011-02-23 03:08:11 +00:00
Mark Andrews
fd5d7b4b1c
2038. [bug] Install <dns/rpz.h>. [RT #23342 ]
2011-02-22 11:48:02 +00:00
Automatic Updater
784a904bd0
update copyright notice
2011-02-03 12:18:12 +00:00
Mark Andrews
000a8970f8
3011. [func] Change the default query timeout from 30 seconds
...
to 10. Allow setting this in named.conf using the new
'resolver-query-timeout' option, which specifies a max
time in seconds. 0 means 'default' and anything longer
than 30 will be silently set to 30. [RT #22852 ]
2011-02-03 05:41:55 +00:00
Automatic Updater
2352050890
update copyright notice
2011-01-13 08:50:29 +00:00
Mark Andrews
68f6e45d28
uint8_t -> unsigned char
2011-01-13 06:41:05 +00:00
Mark Andrews
119f627c82
uint32_t -> isc_uint32_t
2011-01-13 06:29:16 +00:00
Automatic Updater
9cee5bb028
update copyright notice
2011-01-13 04:59:26 +00:00
Mark Andrews
87708bde16
3008. [func] Response policy zones (RPZ) support. [RT #21726 ]
2011-01-13 01:59:28 +00:00
Automatic Updater
135bcc2e42
update copyright notice
2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c
3006. [func] Allow dynamically generated TSIG keys to be preserved
...
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639 ]
2011-01-10 05:32:04 +00:00
Automatic Updater
0e0be796a7
update copyright notice
2011-01-08 23:47:01 +00:00
Evan Hunt
8a743600dd
3005. [port] Solaris: Work around the lack of
...
gsskrb5_register_acceptor_identity() by setting
the KRB5_KTNAME environment variable to the
contents of tkey-gssapi-keytab. Also fixed
test errors on MacOSX. [RT #22853 ]
2011-01-08 00:33:12 +00:00
Automatic Updater
db69d5d53c
update copyright notice
2011-01-06 23:47:00 +00:00
Evan Hunt
3916872f37
3003. [experimental] Added update-policy match type "external",
...
enabliing named to defer the decision of whether to
allow a dynamic update to an external daemon.
(Contributed by Andrew Tridgell.) [RT #22758 ]
2011-01-06 23:24:39 +00:00
Automatic Updater
a094c46640
update copyright notice
2010-12-23 23:47:08 +00:00
Mark Andrews
37dee1ff94
2999. [func] Add GOST support (RFC 5933). [RT #20639 ]
2010-12-23 04:08:00 +00:00
Mark Andrews
82f77687ab
2993. [func] Dynamically grow adb hash tables. [RT #21186 ]
2010-12-21 03:11:42 +00:00
Automatic Updater
ca103999e6
update copyright notice
2010-12-20 23:47:21 +00:00
Evan Hunt
c445b2f648
Add #ifdef BIND9 to some of the new DLZ code to fix link errors
...
when building with --enable-exportlibs
2010-12-19 02:51:41 +00:00
Mark Andrews
c880d51849
gsskrb5_register_acceptor_identity is not available on all platforms
2010-12-18 14:46:21 +00:00
Evan Hunt
71bd858d8e
2989. [func] Added support for writable DLZ zones. (Contributed
...
by Andrew Tridgell of the Samba project.) [RT #22629 ]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629 ]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629 ]
2010-12-18 01:56:23 +00:00
Automatic Updater
0ccd663a83
update copyright notice
2010-12-16 23:47:08 +00:00
Tatuya JINMEI 神明達哉
743bbdc18f
2947. [func] Add new zone type "static-stub". It's like a stub
...
zone, but the nameserver names and/or their IP
addresses are statically configured. [RT #21474 ]
(for 9.8.0)
2010-12-16 09:51:30 +00:00
Mark Andrews
8d8f0b4659
2984. [bug] Don't run MX checks when the target of the MX record is ".". [RT #22645 ]
2010-12-14 00:39:59 +00:00
Automatic Updater
fd6a9d688c
update copyright notice
2010-12-09 04:31:57 +00:00
Mark Andrews
9f9b7f0e8d
2982. [bug] Reference count dst keys. dst_key_attach() can be used
...
increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672 ]
2010-12-09 00:54:34 +00:00
Automatic Updater
b8a9a7bef2
update copyright notice
2010-12-08 23:51:56 +00:00
Mark Andrews
e334405421
2981. [func] Partial DNS64 support (AAAA synthesis). [RT #21991 ]
2010-12-08 02:46:17 +00:00
Automatic Updater
326a702a35
update copyright notice
2010-12-02 23:46:56 +00:00
Mark Andrews
c87f15dac8
2976. [bug] named die on exit after negotiating a GSS-TSIG key. [RT #3415 ]
2010-12-02 23:22:42 +00:00
Mark Andrews
ed83fa75f5
2963. [security] The allow-query acl was being applied instead of the
...
allow-query-cache acl to cache lookups. [RT #22114 ]
2010-09-24 05:09:03 +00:00
Mark Andrews
c6f4972c74
2943. [func] Add support to load new keys into managed zones
...
without signing immediately with "rndc loadkeys".
Add support to link keys with "dnssec-keygen -S"
and "dnssec-settime -S". [RT #21351 ]
2010-08-16 22:21:07 +00:00
Automatic Updater
2b43d1d8c5
update copyright notice
2010-08-13 23:47:04 +00:00
Evan Hunt
cfd262045c
2936. [func] Improved configuration syntax and multiple-view
...
support for addzone/delzone feature (see change
#2930 ). Removed "new-zone-file" option, replaced
with "allow-new-zones (yes|no)". The new-zone-file
for each view is now created automatically, with
a filename generated from a hash of the view name.
It is no longer necessary to "include" the
new-zone-file in named.conf; this happens
automatically. Zones that were not added via
"rndc addzone" can no longer be removed with
"rndc delzone". [RT #19447 ]
2010-08-11 18:14:20 +00:00
Evan Hunt
86dcc40058
2930. [experimental] New "rndc addzone" and "rndc delzone" commads
...
allow dynamic addition and deletion of zones.
To enable this feature, specify a "new-zone-file"
option at the view or options level in named.conf.
Zone configuration information for the new zones
will be written into that file. To make the new
zones persist after a restart, "include" the file
into named.conf in the appropriate view. (Note:
This feature is not yet documented, and its syntax
is expected to change.) [RT #19447 ]
2010-07-11 00:12:57 +00:00
Automatic Updater
1b892cf691
update copyright notice
2010-07-09 23:46:51 +00:00
Evan Hunt
bf9b852c3e
2929. [bug] Improved handling of GSS security contexts:
...
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737 ]
2010-07-09 05:13:15 +00:00
Mark Andrews
bf13e709db
2924. [func] 'rndc secroots' dump a combined summary of the
...
current managed keys combined with trusted keys.
[RT #20904 ]
2010-06-25 03:24:05 +00:00
Mark Andrews
48dfee7150
2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
...
to IPv4 clients. New acl 'filter-aaaa' (default any).
2010-06-22 04:03:38 +00:00
Automatic Updater
3f2280d2fc
update copyright notice
2010-06-04 23:51:14 +00:00
Mark Andrews
ec58c4ca54
remove trailing comma
2010-06-04 00:12:54 +00:00
Automatic Updater
4dd3ec797d
update copyright notice
2010-05-18 02:38:10 +00:00
Mark Andrews
8d31dd9ab6
2897. [bug] NSEC3 chains could be left behind when transitioning
...
to insecure. [RT #21040 ]
2010-05-18 01:39:41 +00:00
Automatic Updater
515c7f3c43
update copyright notice
2010-05-14 23:50:40 +00:00
Mark Andrews
778a01b1aa
2893. [bug] Improve managed keys support. New named.conf option
...
managed-keys-directory. [RT #20924 ]
2010-05-14 04:48:28 +00:00
Mark Andrews
44f175a90a
2892. [bug] Handle REVOKED keys better. [RT #20961 ]
2010-05-14 04:38:52 +00:00
Mark Andrews
b335299322
2890. [bug] Handle the introduction of new trusted-keys and
...
DS, DLV RRsets better. [RT #21097 ]
2010-05-14 00:13:43 +00:00
Automatic Updater
a955420bed
update copyright notice
2010-05-10 23:50:55 +00:00
Mark Andrews
121f783b66
2881. [bug] Reduce the amount of time the rbtdb write lock
...
is held when closing a version. [RT #21198 ]
2010-05-10 01:39:03 +00:00
Automatic Updater
4d42b714be
update copyright notice
2010-03-04 23:50:34 +00:00
Mark Andrews
2e20dea9fc
2854. [func] nsupdate will now preserve the entered case of domain
...
names in update requests it sends. [RT #20928 ]
2010-03-04 05:24:56 +00:00
Mark Andrews
13396661f4
2854. [func] dig: allow the final soa record in a axfr response to
...
be suppressed, dig +onesoa. [RT #20929 ]
2010-03-04 05:18:04 +00:00
Automatic Updater
bd2b08d5a3
update copyright notice
2010-02-25 05:08:01 +00:00
Mark Andrews
0cae66577c
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619 ]
2010-02-25 04:39:13 +00:00
Automatic Updater
8576a40424
update copyright notice
2010-01-12 23:48:57 +00:00
Francis Dupont
d481cfdab5
fix spelling in comment
2010-01-12 23:23:21 +00:00
Automatic Updater
b871a3e0cd
update copyright notice
2010-01-09 23:48:45 +00:00
Francis Dupont
a26d73a734
fix trivial typo in comment
2010-01-09 15:21:10 +00:00
Automatic Updater
400615c294
update copyright notice
2009-12-30 23:49:14 +00:00
Tatuya JINMEI 神明達哉
d8680445d6
2828. [security] Cached CNAME or DNAME RR could be returned to clients
...
without DNSSEC validation. [RT #20737 ]
9.4-ESV, 9.5.3, 9.6.2, 9.7.0, 9.8.0(?)
2009-12-30 08:02:23 +00:00
Evan Hunt
9ead684875
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712 ]
2009-12-30 06:46:58 +00:00
Mark Andrews
5b77627c09
2824. [bug] "rndc sign" was not being run by the correct task.
...
[RT #20759 ]
2009-12-29 22:20:33 +00:00
Evan Hunt
bd31f734ee
2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
...
[RT #20771 ]
2009-12-24 00:35:46 +00:00
Evan Hunt
4e55893d30
2813. [bug] Better handling of unreadable DNSSEC key files.
...
[RT #20710 ]
2812. [bug] Make sure updates can't result in a zone with
NSEC-only keys and NSEC3 records. [RT 20748]
2009-12-18 22:16:49 +00:00
Automatic Updater
4b6dc226f7
update copyright notice
2009-12-04 22:06:37 +00:00
Mark Andrews
3d17a3ba61
2801. [func] Detect and report records that are different according
...
to DNSSEC but are sematically equal according to plain
DNS. Apply plain DNS comparisons rather than DNSSEC
comparisons when processing UPDATE requests.
dnssec-signzone now removes such semantically duplicate
records prior to signing the RRset.
named-checkzone -r {ignore|warn|fail} (default warn)
named-compilezone -r {ignore|warn|fail} (default warn)
named.conf: check-dup-records {ignore|warn|fail};
2009-12-04 21:09:34 +00:00
Mark Andrews
5d850024cb
2800. [func] Reject zones which have NS records which refer to
...
CNAMEs, DNAMEs or don't have address record (class IN
only). Reject UPDATEs which would cause the zone
to fail the above checks if committed. [RT #20678 ]
2009-12-04 03:33:15 +00:00
Evan Hunt
8e4f3f1cbc
2799. [cleanup] Changed the "secure-to-insecure" option to
...
"dnssec-secure-to-insecure", and "dnskey-ksk-only"
to "dnssec-dnskey-kskonly", for clarity. [RT #20586 ]
2009-12-03 23:18:17 +00:00
Evan Hunt
22304041d1
typo caused a missing semicolon
2009-12-03 16:49:09 +00:00
Evan Hunt
e6dda86e8b
2798. [bug] Addressed bugs in managed-keys initialization
...
and rollover. [RT #20683 ]
2009-12-03 15:40:03 +00:00
Vernon Schryver
5d9922e86f
Allow the optional filter-aaaa-on-v4 option in view statements to close #20635
2009-11-28 15:57:37 +00:00
Automatic Updater
2b2fc9b4df
update copyright notice
2009-11-25 23:49:22 +00:00
Mark Andrews
d0ca4e90e2
2786. [bug] Additional could be promoted to answer. [RT #20663 ]
2009-11-25 02:22:05 +00:00
Evan Hunt
cef109efa7
2780. [bug] dnssec-keygen -A none didn't properly unset the
...
activation date in all cases. [RT #20648 ]
2779. [bug] Dynamic key revokation could fail. [RT #20644 ]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638 ]
2009-11-23 02:55:41 +00:00
Mark Andrews
a39a5f4d81
2772. [security] When validating, track whether pending data was from
...
the additional section or not and only return it if
validates as secure. [RT #20438 ]
2009-11-17 23:55:18 +00:00
Automatic Updater
2d84cba8f4
update copyright notice
2009-11-04 23:48:18 +00:00
Mark Andrews
0181a0a92f
2747. [bug] Journal roll forwards failed to set the re-signing
...
time of RRSIGs correctly. [RT #20541 ]
2009-11-04 01:25:55 +00:00
Mark Andrews
a3285e811d
2746. [port] hpux: address signed/unsigned expansion mismatch of
...
dns_rbtnode_t.nsec. [RT #20542 ]
2009-11-04 01:18:19 +00:00
Evan Hunt
95f2377b4f
2739. [cleanup] Clean up API for initializing and clearing trust
...
anchors for a view. [RT #20211 ]
2009-10-27 22:46:13 +00:00
Mark Andrews
63d5a6f680
2736. [func] Improve the performance of NSEC signed zones with
...
more than a normal amount of glue below a delegation.
[RT #20191 ]
2009-10-27 04:46:58 +00:00
Evan Hunt
e8831e51c1
2735. [bug] dnssec-signzone could fail to read keys
...
that were specified on the command line with
full paths, but weren't in the current
directory. [RT #20421 ]
2009-10-27 03:59:45 +00:00
Automatic Updater
5f744ebbdc
update copyright notice
2009-10-26 23:47:35 +00:00
Evan Hunt
c8aa7ce70d
2732. [func] Add optional filter-aaaa-on-v4 option, available
...
if built with './configure --enable-filter-aaaa'.
Filters out AAAA answers to clients connecting
via IPv4. (This is NOT recommended for general
use.) [RT #20339 ]
2009-10-26 23:14:54 +00:00
Evan Hunt
c021499604
2731. [func] Additional work on change 2709. The key parser
...
will now ignore unrecognized fields when the
minor version number of the private key format
has been increased. It will reject any key with
the major version number increased. [RT #20310 ]
2009-10-26 21:18:24 +00:00
Francis Dupont
775a8d86d9
keygen progress indication [RT #20284 ]
2009-10-24 09:46:19 +00:00
Evan Hunt
cc6cddfd94
2726. [func] Added support for SHA-2 DNSSEC algorithms,
...
RSASHA256 and RSASHA512. [RT #20023 ]
2009-10-22 02:21:31 +00:00
Mark Andrews
7704a47aec
2722. [bug] Ensure that the memory associated with the name of
...
a node in a rbt tree is not altered during the life
of the node. [RT #20431 ]
2009-10-20 04:57:57 +00:00
Automatic Updater
97639003b0
update copyright notice
2009-10-12 23:48:02 +00:00
Evan Hunt
77b8f88f14
2712. [func] New 'auto-dnssec' zone option allows zone signing
...
to be fully automated in zones configured for
dynamic DNS. 'auto-dnssec allow;' permits a zone
to be signed by creating keys for it in the
key-directory and using 'rndc sign <zone>'.
'auto-dnssec maintain;' allows that too, plus it
also keeps the zone's DNSSEC keys up to date
according to their timing metadata. [RT #19943 ]
2009-10-12 20:48:12 +00:00
Evan Hunt
3727725bb7
2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
...
zone option cause a zone to be signed with only KSKs
signing the DNSKEY RRset, not ZSKs. This reduces
the size of a DNSKEY answer. [RT #20340 ]
2009-10-10 01:48:00 +00:00
Automatic Updater
8a07de2f03
update copyright notice
2009-10-09 23:48:09 +00:00
Evan Hunt
315a1514a5
2709. [func] Added some data fields, currently unused, to the
...
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310 ]
2009-10-09 06:09:21 +00:00
Mark Andrews
d1bcaec0d6
2708. [func] Insecure to secure and NSEC3 parameter changes via
...
update are now fully supported and no longer require
defines to enable. We now no longer overload the
NSEC3PARAM flag field, nor the NSEC OPT bit at the
apex. Secure to insecure changes are controlled by
by the named.conf option 'secure-to-insecure'.
Warning: If you had previously enabled support by
adding defines at compile time to BIND 9.6 you should
ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7
is not backwards compatible.
2009-10-09 00:33:39 +00:00
Automatic Updater
15bbb8a129
update copyright notice
2009-10-08 23:48:10 +00:00
Mark Andrews
2847930722
2708. [func] Insecure to secure and NSEC3 parameter changes via
...
update are now fully supported and no longer require
defines to enable. We now no longer overload the
NSEC3PARAM flag field, nor the NSEC OPT bit at the
apex. Secure to insecure changes are controlled by
by the named.conf option 'secure-to-insecure'.
Warning: If you had previously enabled support by
adding defines at compile time to BIND 9.6 you should
ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7
is not backwards compatible.
2009-10-08 23:13:07 +00:00
Evan Hunt
246c504f90
2706. [bug] Loading a zone with a very large NSEC3 salt could
...
trigger an assert. [RT #20368 ]
2009-10-06 21:20:45 +00:00
Evan Hunt
3ff75c89eb
2704. [bug] Serial of dynamic and stub zones could be inconsistent
...
with their SOA serial. [RT #19387 ]
2009-10-05 19:39:20 +00:00
Francis Dupont
8b78c993cb
explicit engine rt20230a
2009-10-05 17:30:49 +00:00
Francis Dupont
debd489a44
noreturn RT #20257
2009-09-29 15:06:07 +00:00
Evan Hunt
53c22b8e0d
2685. [bug] Fixed dnssec-signzone -S handling of revoked keys.
...
Also, added warnings when revoking a ZSK, as this is
not defined by protocol (but is legal). [RT #19943 ]
2009-09-23 16:01:57 +00:00
Evan Hunt
b843f577bb
2677. [func] Changes to key metadata behavior:
...
- Keys without "publish" or "active" dates set will
no longer be used for smart signing. However,
those dates will be set to "now" by default when
a key is created; to generate a key but not use
it yet, use dnssec-keygen -G.
- New "inactive" date (dnssec-keygen/settime -I)
sets the time when a key is no longer used for
signing but is still published.
- The "unpublished" date (-U) is deprecated in
favor of "deleted" (-D).
[rt20247]
2009-09-14 18:45:45 +00:00
Evan Hunt
dbabab1f37
rt20045:
...
- sync_keyzone() could leak ISC_R_NOMORE, causing zone_postload() to think
it had failed
- journal roll-forward on key zones complained about having the wrong
number of SOA records
- dns_soa_buildrdata() could return a pointer to memory allocated on the
stack
2009-09-10 01:47:09 +00:00
Automatic Updater
d7201de09b
update copyright notice
2009-09-02 23:48:03 +00:00
Evan Hunt
eab9975bcf
2668. [func] Several improvements to dnssec-* tools, including:
...
- dnssec-keygen and dnssec-settime can now set key
metadata fields 0 (to unset a value, use "none")
- dnssec-revoke sets the revocation date in
addition to the revoke bit
- dnssec-settime can now print individual metadata
fields instead of always printing all of them,
and can print them in unix epoch time format for
use by scripts
[RT #19942 ]
2009-09-02 06:29:01 +00:00
Tatuya JINMEI 神明達哉
44de0b1f7d
2666. [func] Added an 'options' argument to dns_name_fromstring()
...
(API change from 9.7.0a2). [RT #20196 ]
2009-09-01 17:36:51 +00:00
Tatuya JINMEI 神明達哉
307d208450
2660. [func] Add a new set of DNS libraries for non-BIND9
...
applications. See README.libdns. [RT #19369 ]
2009-09-01 00:22:28 +00:00
Automatic Updater
26d8ffe715
update copyright notice
2009-07-19 23:47:55 +00:00
Evan Hunt
553ead32ff
2636. [func] Simplify zone signing and key maintenance with the
...
dnssec-* tools. Major changes:
- all dnssec-* tools now take a -K option to
specify a directory in which key files will be
stored
- DNSSEC can now store metadata indicating when
they are scheduled to be published, acttivated,
revoked or removed; these values can be set by
dnssec-keygen or overwritten by the new
dnssec-settime command
- dnssec-signzone -S (for "smart") option reads key
metadata and uses it to determine automatically
which keys to publish to the zone, use for
signing, revoke, or remove from the zone
[RT #19816 ]
2009-07-19 04:18:05 +00:00
Mark Andrews
109580e7e5
2920. [bug] Delay thawing the zone until the reload of it has
...
completed successfully. [RT #19750 ]
2009-07-02 07:39:03 +00:00
Automatic Updater
c6fb85f950
update copyright notice
2009-07-01 23:47:36 +00:00
Evan Hunt
cfb1587eb9
2619. [func] Add support for RFC 5011, automatic trust anchor
...
maintenance. The new "managed-keys" statement can
be used in place of "trusted-keys" for zones which
support this protocol. (Note: this syntax is
expected to change prior to 9.7.0 final.) [RT #19248 ]
2009-06-30 02:53:46 +00:00
Automatic Updater
754cb8a2b3
update copyright notice
2009-06-11 23:47:56 +00:00
Evan Hunt
351b62535d
2609. [func] Simplify the configuration of dynamic zones:
...
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284 ]
2009-06-10 00:27:22 +00:00
Automatic Updater
39844d4710
update copyright notice
2009-06-04 02:56:47 +00:00
Mark Andrews
2534a73a59
2608. [func] Perform post signing verification checks in
...
dnssec-signzone. These can be disabled with -P.
The post sign verification test ensures that for each
algorithm in use there is at least one non revoked
self signed KSK key. That all revoked KSK keys are
self signed. That all records in the zone are signed
by the algorithm. [RT #19653 ]
2009-06-04 02:13:37 +00:00
Tatuya JINMEI 神明達哉
40d0f115a6
2604. [func] Add support for DNS rebinding attack prevention through
...
new options, deny-answer-addresses and
deny-answer-aliases. Based on contributed code from
JD Nurmi, Google. [RT #18192 ]
2009-05-29 22:22:37 +00:00
Francis Dupont
ff380b05fe
comment fixes (rt19624)
2009-05-07 09:41:23 +00:00
Automatic Updater
7a272c6b0d
update copyright notice
2009-05-06 23:47:50 +00:00
Tatuya JINMEI 神明達哉
5d7849ad7f
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
...
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563 ]
2009-05-06 22:53:54 +00:00
Evan Hunt
3f8be559f0
2575. [func] New functions dns_name_fromstring() and
...
dns_name_tostring(), to simplify conversion
of a string to a dns_name structure and vice
versa. [RT #19451 ]
2009-03-11 07:02:34 +00:00
Automatic Updater
39a8abdb83
update copyright notice
2009-01-27 23:47:54 +00:00
Tatuya JINMEI 神明達哉
d9059b0c38
2537. [func] Added more statistics counters including those on socket
...
I/O events and query RTT histograms. [RT #18802 ]
2009-01-27 22:30:00 +00:00
Automatic Updater
d362465c77
update copyright notice
2009-01-17 23:47:43 +00:00
Francis Dupont
08d44d4510
spelling
2009-01-17 13:33:29 +00:00
Francis Dupont
7d6d9c2240
spelling
2009-01-17 13:25:11 +00:00
Francis Dupont
45b4efd07f
spelling
2009-01-17 12:56:23 +00:00
Francis Dupont
3678015d3f
spelling
2009-01-17 11:57:25 +00:00
Automatic Updater
9e0d0a279b
update copyright notice
2009-01-09 23:47:46 +00:00
Tatuya JINMEI 神明達哉
7781f25078
2526. [func] New named option "attach-cache" that allows multiple
...
views to share a single cache to save memory and
improve lookup efficiency. [RT 18905]
2009-01-09 22:24:37 +00:00
Automatic Updater
d7845fc5ba
update copyright notice
2009-01-07 23:47:47 +00:00
Tatuya JINMEI 神明達哉
609f86163a
2525. [func] New logging category "query-errors" to provide detailed
...
internal information about query failures, especially
about server failures. [RT #19027 ]
2009-01-07 01:46:40 +00:00
Automatic Updater
5569e7de51
update copyright notice
2009-01-05 23:47:54 +00:00
Tatuya JINMEI 神明達哉
3fb1637c92
trivial comment cleanups (RT#19118)
2009-01-05 23:20:22 +00:00
Mark Andrews
a5746c4ec1
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
...
[RT #18885 ]
2008-12-12 04:37:24 +00:00
Automatic Updater
49960a74b5
update copyright notice
2008-11-14 23:47:33 +00:00
Mark Andrews
da2d57c8cf
2493. [bug] The linux capabilites code was not correctly cleaning
...
up after itself. [RT #18767 ]
2008-11-14 05:24:11 +00:00
Automatic Updater
3398334b3a
update copyright notice
2008-09-25 04:02:39 +00:00
Automatic Updater
6e2871232f
update copyright notice
2008-09-24 03:16:58 +00:00
Mark Andrews
6098d364b6
2448. [func] Add NSEC3 support. [RT #15452 ]
2008-09-24 02:46:23 +00:00
Mark Andrews
739240a9d1
remove dns_stats_copy dns_stats_create dns_stats_destroy dns_stats_incrementcounter dns_zone_getstats
2008-09-08 05:59:11 +00:00
Mark Andrews
7e52028a83
remove dns_resolver_createdispatchpool
2008-09-08 05:41:22 +00:00
Automatic Updater
2cf81a3d8a
update copyright notice
2008-06-23 23:47:11 +00:00
Tatuya JINMEI 神明達哉
386d3a99c1
2375. [security] Fully randomize UDP query ports to improve
...
forgery resilience. [RT #17949 , #18098 ]
2008-06-23 19:41:20 +00:00
Evan Hunt
5a17fe2916
Default values of zone ACLs were re-parsed each time a new zone was
...
configured, causing an overconsumption of memory. [rt18092]
2008-05-21 23:17:21 +00:00
Automatic Updater
f052a01ff2
update copyright notice
2008-04-04 23:47:01 +00:00
Mark Andrews
77abeb5330
rebase NSEC3 code
2008-04-04 05:34:07 +00:00
Automatic Updater
ddad355529
update copyright notice
2008-04-03 06:09:05 +00:00
Mark Andrews
8907d8fa04
2355. [func] Extend the number statistics counters available.
...
[RT #17590 ]
2008-04-03 05:55:52 +00:00
Mark Andrews
db30f4bdcb
2353. [func] Add support for Name Server ID (RFC 5001).
...
'dig +nsid' requests NSID from server.
'request-nsid yes;' causes recursive server to send
NSID requests to upstream servers. Server responds
to NSID requests with the string configured by
'server-id' option. [RT #17091 ]
2008-04-03 02:01:08 +00:00
Mark Andrews
3f42cf2f3e
2349. [func] Provide incremental re-signing support for secure
...
dynamic zones. [RT #1091 ]
back out incorrect branch rt1091 and apply correct branch rt1091a.
2008-04-02 02:37:42 +00:00
Mark Andrews
a0735eeac5
unit16_t -> isc_uint16_t
2008-04-02 01:48:32 +00:00
Automatic Updater
e672951ed2
update copyright notice
2008-04-01 23:47:10 +00:00
Mark Andrews
a76b380643
2349. [func] Provide incremental re-signing support for secure
...
dynamic zones. [RT #1091 ]
2008-04-01 01:37:25 +00:00
Francis Dupont
2a31bd5310
add EVP and PKCS11
2008-03-31 14:42:51 +00:00
Automatic Updater
cbf0854acc
update copyright notice
2008-01-24 23:47:00 +00:00
Tatuya JINMEI 神明達哉
1c3ed2a83d
2320. [func] Make statistics couters thread-safe for platforms
...
that support certain atomic operations. [RT #17466 ]
2008-01-24 02:00:44 +00:00
Automatic Updater
2f012d936b
update copyright notice
2008-01-18 23:46:58 +00:00
Automatic Updater
1da14e066c
update copyright notice
2008-01-02 23:47:02 +00:00
Mark Andrews
92f60809e8
2286. [func] Allow a TCP connection to be used as a weak
...
authentication method for reverse zones.
New update-policy methods tcp-self and 6to4-self.
[RT #17378 ]
2008-01-02 05:13:42 +00:00
Mark Andrews
114c14f8ad
2282. [bug] Acl code fixups. [RT #17346 ] [RT #17374 ]
2007-12-21 06:46:47 +00:00
Mark Andrews
301f6ffbbe
2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
2007-12-11 20:28:55 +00:00
Michael Graff
b239c8294a
commit lruttl to the mainline. A tag was set called skan_lruttl-mainline-base, and I will tag this as skan_lruttl-mainline-merge after this commit
2007-10-19 17:15:53 +00:00
Mark Andrews
8bedd9647f
2245. [bug] Validating lack of DS records at trust anchors wasn't
...
working. [RT #17151 ]
2007-09-19 03:38:56 +00:00
Mark Andrews
ca84283333
2244. [func] Allow the check of nameserver names against the
...
SOA MNAME field to be disabled by specifying
'notify-to-soa yes;'. [RT #17073 ]
2007-09-18 00:22:31 +00:00
Mark Andrews
12e0477d4e
Part 2 of:
...
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by kevin
brintnall. [RT #16288 ]
2007-09-14 01:46:06 +00:00
Automatic Updater
2c94a0e56d
update copyright notice
2007-09-12 23:46:47 +00:00
Evan Hunt
3181d0e359
Add support for O(1) ACL processing, based on radix tree code originally
...
written by kevin brintnall. [RT #16288 ]
2007-09-12 01:46:28 +00:00
Evan Hunt
c7e266b7e5
Add support for O(1) ACL processing, based on radix tree code originally
...
written by kevin brintnall. [RT #16288 ]
2007-09-12 01:09:08 +00:00
Mark Andrews
07072c9456
2203. [security] Query id generation was cryptographically weak.
...
[RT # 16915]
2007-06-26 02:52:15 +00:00
Automatic Updater
70e5a7403f
update copyright notice
2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7
update copyright notice
2007-06-18 23:47:57 +00:00
Automatic Updater
feac7b8b38
update copyright notice
2007-05-21 03:46:42 +00:00
Mark Andrews
bc6af069c8
2190. [func] Make fallback to plain DNS from EDNS due to timeouts
...
more visible. New logging category "edns-disabled".
[RT #16871 ]
2007-05-21 02:03:22 +00:00
Mark Andrews
40aadb6a14
2179. [func] 'rndc command zone' will now find 'zone' if it is
...
unique to all the views. [RT #16821 ]
2007-05-15 02:38:34 +00:00
Automatic Updater
858ad8db23
update copyright notice
2007-03-29 23:47:04 +00:00
Mark Andrews
819b98479e
2165. [func] Allow the destination address of a query to determine
...
if we will answer the query or recurse.
allow-query-on, allow-recursion-on and
allow-query-cache-on. [RT #16291 ]
2007-03-29 06:36:31 +00:00
Automatic Updater
1b5a345334
update copyright notice
2007-03-06 02:12:39 +00:00
Mark Andrews
a56f5ada43
2157. [func] dns_db_transfernode() created. [RT #16685 ]
...
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
resolver.c:validated() and resolver.c:cache_name().
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
event leaks. [RT #16685 ]
2007-03-06 00:38:58 +00:00
Mark Andrews
0b174d1243
update copyright notice
2007-02-06 00:01:23 +00:00
Mark Andrews
281bab0f36
2129. [func] Provide a pool of UDP sockets for queries to be
...
made over. See use-queryport-pool, queryport-pool-ports
and queryport-pool-updateinterval. [RT #16415 ]
2007-02-02 02:18:06 +00:00
Mark Andrews
f36c85c3ce
update copyright notice
2007-01-08 02:45:04 +00:00
Mark Andrews
3052274767
2126. [bug] Serialise validation of type ANY responses. [RT #16555 ]
2007-01-08 01:13:38 +00:00
Mark Andrews
148f27aee6
update copyright notice
2006-12-22 01:59:44 +00:00
Mark Andrews
29747dfe5e
2123. [func] Use Doxygen to generate internal documention.
...
[RT #11398 ]
2006-12-22 01:46:19 +00:00
Mark Andrews
186e7f37c9
2122. [func] Experimental http server and statistics support
...
for named via xml.
2006-12-21 06:03:37 +00:00
Mark Andrews
1372e172d0
2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
...
second timeout. [RT #16553 ]
2006-12-18 23:58:14 +00:00
Mark Andrews
21c7ecb9f0
better mcxt handling. remove buffer handling layer violation
2006-12-05 21:59:12 +00:00
Mark Andrews
377231eb95
update copyright notice
2006-12-05 00:13:48 +00:00
Mark Andrews
289ae548d5
2105. [func] GSS-TSIG support (RFC 3645).
2006-12-04 01:54:53 +00:00
Mark Andrews
8db2f89e23
spelling
2006-08-01 03:42:56 +00:00
Mark Andrews
cd7812e4b1
update copyright notice
2006-07-20 01:10:31 +00:00
Mark Andrews
799a39bc80
of -> or
2006-07-19 01:04:08 +00:00
Mark Andrews
2db8db6399
2049. [bug] Restore SOA before AXFR when falling back from
...
a attempted IXFR when transfering in a zone.
Allow a initial SOA query before attempting
a AXFR to be requested. [RT #16156 ]
2006-07-19 00:53:42 +00:00
Mark Andrews
a45a6ea2b0
2035. [func] Make falling back to TCP on UDP refresh failure
...
optional. Default "try-tcp-refresh yes;" for BIND 8
compatibility. [RT #16123 ]
2006-06-04 23:17:07 +00:00
Mark Andrews
5f7ca73d88
update copyright notice
2006-05-03 00:07:50 +00:00
Shane Kerr
0d8971a4b8
Stats for acache.
2006-05-02 13:04:54 +00:00
Mark Andrews
cfe92110ce
2007. [func] It is now possible to explicitly enable DNSSEC
...
validation. default dnssec-validation no; to
be changed to yes in 9.5.0. [RT #15674 ]
2006-03-09 23:21:54 +00:00
Mark Andrews
59d84d1b07
2001. [func] Check the KSK flag when updating a secure dynamic zone.
...
New zone option "update-check-ksk yes;". [RT #15817 ]
2006-03-06 01:27:52 +00:00
Mark Andrews
d76ed813a5
1999. [func] Implement "rrset-order fixed". [RT #13662 ]
2006-03-03 00:43:35 +00:00
Mark Andrews
f27eae9cfe
1996. [bug] nsupdate: if a zone has been specified it should
...
appear in the output of 'show'. [RT #15797 ]
2006-03-02 01:57:20 +00:00
Mark Andrews
641f68d427
update copyright notice
2006-03-02 00:37:23 +00:00
Mark Andrews
45e1bd6358
1991. [cleanup] The configuration data, once read, should be treated
...
as readonly. Expand the use of const to enforce this
at compile time. [RT #15813 ]
2006-02-28 02:39:52 +00:00
Mark Andrews
3432cd6979
update copyright notice
2006-02-22 23:50:10 +00:00
Mark Andrews
c5387e6942
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608 ]
2006-02-21 23:49:51 +00:00
Mark Andrews
d00e58d481
1986. [func] Report when a zone is removed. [RT #15849 ]
2006-02-21 23:12:27 +00:00
Mark Andrews
7d4a465de0
1597. [func] Allow notify-source and query-source to be specified
...
on a per server basis similar to transfer-source.
2006-02-17 00:24:21 +00:00
Mark Andrews
fd3cdd15de
update copyright notice
2006-02-16 23:51:33 +00:00
Mark Andrews
6e373c5025
1983. [func] Two new update policies. "selfsub" and "selfwild".
...
[RT #12895 ]
2006-02-16 01:34:24 +00:00
Mark Andrews
b32bf402e0
comment typo
2006-02-01 22:38:56 +00:00
Mark Andrews
26e2a07a0b
update copyright notice
2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
...
HMACSHA512 support. [RT #13606 ]
2006-01-27 02:35:15 +00:00
Mark Andrews
1b06367c34
update copyright notice
2006-01-06 00:01:44 +00:00
Mark Andrews
dc6da18ccb
1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723 ]
2006-01-05 23:45:34 +00:00
Mark Andrews
a1bc941093
1959. [func] Control the zeroing of the negative response TTL to
...
a soa query. Defaults "zero-no-soa-ttl yes;" and
"zero-no-soa-ttl-cache no;". [RT #15460 ]
2006-01-05 02:19:02 +00:00
Mark Andrews
6657a9e2d8
1957. [bug] Dig mishandled responses to class ANY queries.
...
[RT #15402 ]
2006-01-05 00:58:22 +00:00
Mark Andrews
08c9026166
1953. [func] Named now falls back to advertising EDNS with a
...
512 byte receive buffer if the initial EDNS queries
fail. [RT #14852 ]
1952. [func] The maximum EDNS UDP response named will send can
now be set in named.conf (max-udp-size). This is
independent of the advertised receive buffer
(edns-udp-size). [RT #14852 ]
2006-01-05 00:01:46 +00:00
Mark Andrews
acb4f52369
update copyright notice
2006-01-04 23:50:24 +00:00
Mark Andrews
fabf2ee6b0
1947. [func] It is now possible to configure named to accept
...
expired RRSIGs. Default "dnssec-accept-expired no;".
Setting "dnssec-accept-expired yes;" leaves named
vulnerable to replay attacks. [RT #14685 ]
2006-01-04 02:35:49 +00:00
Mark Andrews
cf224bbf7b
1942. [bug] If the name of a DNSKEY match that of one in
...
trusted-keys do not attempt to validate the DNSKEY
using the parents DS RRset. [RT #15649 ]
2005-12-04 23:54:01 +00:00
Mark Andrews
60ab03125c
1939. [bug] The resolver could dereference a null pointer after
...
validation if all the queries have timed out.
[RT #15528 ]
1938. [bug] The validator was not correctly handling unsecure
negative responses at or below a SEP. [RT #15528 ]
2005-11-03 00:51:55 +00:00
Mark Andrews
1425217e5c
spelling arguement vs arguments
2005-10-26 04:35:56 +00:00
Mark Andrews
982e072a50
1927. [bug] Access to soanode or nsnode in rbtdb violated the
...
lock order rule and could cause a dead lock.
[RT# 15518]
2005-10-13 01:58:32 +00:00
Mark Andrews
037b732f88
update
...
1920. [bug] The cache rbtdb lock array was too small to
have the desired performance characteristics.
[RT #15454 ]
2005-10-13 01:19:15 +00:00
Mark Andrews
4c1817c29c
damp interations adjustments [RT#15404
2005-09-20 04:22:46 +00:00
Mark Andrews
ed6ca94ad7
finetune isc_thread_key implementation [RT #15408 ]
2005-09-18 07:16:24 +00:00
Mark Andrews
6cf369f528
1916. [func] Integrate contibuted IDN code from JPNIC. [RT #15383 ]
2005-09-09 06:17:03 +00:00
Mark Andrews
675d696977
update copyright notice
2005-09-06 03:51:37 +00:00
Mark Andrews
03e200df5d
1913. [func] Integrate contibuted DLZ code into named. [RT #11382 ]
2005-09-05 00:12:29 +00:00
Mark Andrews
74f261bd2b
1920. [bug] Update windows socket code. [RT #14965 ]
2005-09-01 02:25:06 +00:00
Mark Andrews
5be3685b0e
1919. [bug] dig's +sigchase code overhauled. [RT #14933 ]
...
1918. [bug] The DLV code has been re-worked to make no longer
query order sensitive. [RT #14933 ]
2005-08-25 00:56:08 +00:00
Mark Andrews
2c15fcdeac
seperate out sibling glue checks
2005-08-24 23:54:04 +00:00
Mark Andrews
4e1d3e67cd
1914. [bug] Strings returned from cfg_obj_asstring() should be
...
treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256 ]
2005-08-23 02:36:11 +00:00
Mark Andrews
6b79e960e6
1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and
...
friends. Note: RFC 1918 zones are not yet covered by
this but are likely to be in a future release.
New options: empty-server, empty-contact,
empty-zones-enable and disable-empty-zone.
2005-08-18 00:57:31 +00:00
Mark Andrews
261a6a1f7d
1911. [func] Attempt to make the amount of work performed in a
...
iteration self tuning. The covers nodes clean from
the cache per iteration, nodes written to disk when
rewriting a master file and nodes destroyed per
iteration when destroying a zone or a cache.
[RT #14996 ]
2005-08-15 01:21:07 +00:00
Mark Andrews
fb827ed6df
9.4/HEAD sync
2005-07-18 06:03:01 +00:00
Mark Andrews
e174044290
1817. [func] Add support for additional zone file formats for
...
improving loading performance. The masterfile-format
option in named.conf can be used to specify a
non-default format. A separate command
named-compilezone was provided to generate zone files
in the new format. Additionally, the -I and -O options
for dnssec-signzone specify the input and output
formats.
2005-06-28 02:55:09 +00:00
Mark Andrews
fd780f3d47
1891. [func] Limit the number of recursive clients that can be
...
waiting for a single query (<qname,qtype,qclass>) to
resolve. New options clients-per-query and
max-clients-per-query.
2005-06-27 00:15:45 +00:00
Mark Andrews
bcf369e513
1889. [func] The lame cache is now done on a <qname,qclass,qtype>
...
basis as some servers only appear to be lame for
certain query types. [RT #14916 ]
2005-06-23 04:22:02 +00:00
Mark Andrews
a903095bf4
1817. [func] add support for additional zone file formats for
...
improving loading performance. The masterfile-format
option in named.conf can be used to specify a
non-default format. A new separate command
named-compilezone was provided to generate zone files
in a new format.
2005-06-20 01:05:33 +00:00
Mark Andrews
9b80f3a7c7
1887. [func] Detect duplicates of UDP queries we are recursing on
...
and drop them. New stats category "duplicates".
[RT #14892 ]
2005-06-17 01:58:23 +00:00
Mark Andrews
1c153afce5
1868. [func] edns-udp-size can now be overridden on a per
...
server basis. [RT #14851 ]
2005-06-07 00:27:34 +00:00
Mark Andrews
1fc4793844
1879. [func] Added framework for handling multiple EDNS versions.
...
1878. [func] dig can now specify the EDNS version when making
a query.
2005-06-07 00:16:01 +00:00
Tatuya JINMEI 神明達哉
5597be9bb8
1813. [func] Restructured the data locking framework using
...
architecture dependent atomic operations (when
available), improving response performance on
multi-processor machines significantly.
x86, x86_64, alpha, and sparc64 are currently
supported.
(RT #13505 )
2005-06-04 05:32:50 +00:00
Mark Andrews
c5223c9cb7
1862. [func] Add additional zone data constancy checks.
...
named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
New zone options: check-mx and integrity-check.
[RT #4940 ]
2005-05-19 04:59:05 +00:00
Mark Andrews
69fe9aaafd
update copyright notice
2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556
1851. [doc] Doxygen comment markup. [RT #11398 ]
2005-04-27 04:57:32 +00:00
Mark Andrews
9f069b2771
update copyright notice
2005-03-17 03:56:12 +00:00
Mark Andrews
8a713ca49d
1807. [bug] When forwarding (forward only) set the active domain
...
from the forward zone name. [RT #13526 ]
2005-03-16 03:50:47 +00:00
Mark Andrews
b7b6b01a0d
update copyright
2005-03-16 00:55:19 +00:00
Mark Andrews
e50b75e36c
1804. [bug] Ensure that if we are queried for glue that it fits
...
in the additional section or TC is set to tell the
client to retry using TCP. [RT #10114 ]
2005-03-15 01:29:10 +00:00
Mark Andrews
408767b505
update copyright notice
2005-03-06 15:30:37 +00:00
Mark Andrews
c941e32d22
1819. [bug] The validator needed to check both the algorithm and
...
digest types of the DS to determine if it could be
used to introduce a secure zone. [RT #13593 ]
2005-03-04 03:53:22 +00:00
Mark Andrews
39c7fc7e00
1811. [func] Preserve the case of domain names in rdata during
...
zone transfers. [RT #13547 ]
2005-03-04 02:56:21 +00:00
Mark Andrews
4c0903254b
typo in comment
2005-02-17 05:49:01 +00:00
Mark Andrews
08097713a4
update copyright notice
2005-02-11 00:01:58 +00:00
Mark Andrews
3aca8e5bf3
1758. [func] Don't send notify messages to self. [RT #12933 ]
2005-02-10 05:53:43 +00:00
Mark Andrews
07b9b1c44e
update copyright notice
2005-02-07 23:57:02 +00:00
Mark Andrews
4296c5480d
1801. [func] Report differences between hints and real NS rrset
...
and associated address records.
2005-02-07 00:53:29 +00:00
Mark Andrews
ebf264ea10
update copyright
2005-01-17 23:58:33 +00:00
Mark Andrews
e89e09eda8
update copyrights
2005-01-17 04:11:34 +00:00
Mark Andrews
4844ed026a
1798. [func] The server syntax has been extended to support a
...
range of servers. [RT #11132 ]
2005-01-17 00:46:05 +00:00
Mark Andrews
7502c66006
1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
2005-01-14 03:28:09 +00:00
Mark Andrews
48f929d315
1792. [func] New zone option "notify-delay". Specify a minimum
...
delay between sets of NOTIFY messages.
2005-01-11 23:10:06 +00:00
Mark Andrews
2f4ffd7f55
update copyrights
2005-01-10 23:43:27 +00:00
Mark Andrews
508f61f8d6
1794. [func] Named and named-checkzone can now both check for
...
non-terminal wildcard records.
2005-01-09 23:40:04 +00:00
Mark Andrews
0c865fa57d
update copyright notice
2004-12-23 00:13:17 +00:00
Tatuya JINMEI 神明達哉
1ba466b68e
new copyright for new files
2004-12-21 10:54:12 +00:00
Tatuya JINMEI 神明達哉
d0eb2cc33c
1526. [func] Implemented "additional section caching (or acache)",
...
an internal cache framework for additional section
content to improve response performance. Several
configuration options were provided to control the
behavior.
2004-12-21 10:45:20 +00:00
Mark Andrews
494576ce20
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
...
allow parallel make to succeed.
2004-12-09 01:41:25 +00:00
Mark Andrews
e743a2b3b7
1753. [bug] Don't serve a slave zone which has no NS records.
...
[RT #12894 ]
2004-10-26 02:01:19 +00:00
Mark Andrews
073bd4c4bc
1739. [bug] dns_rbt_deletetree() could incorrectly return
...
ISC_R_QUOTA. [RT #12695 ]
1738. [bug] Enable overrun checking by default. [RT #12695 ]
2004-10-11 05:49:29 +00:00
Mark Andrews
a9977c0fda
bad descriptions s/dns_label_countlabels/dns_name_countlabels/
2004-09-08 00:26:14 +00:00
Mark Andrews
d6fe7ba949
1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
...
for conformance to the name space convention. Binary
backward compatibility to the old function name is
provided. [RT #12376 ]
2004-09-01 05:13:06 +00:00
Mark Andrews
2597c68ffe
improve dns_name_getlabelsequence() description.
2004-08-10 00:35:01 +00:00
Mark Andrews
1a6204b6f2
1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
...
contained gratuitous semicolons. [RT #11707 ]
2004-07-22 00:09:27 +00:00
Mark Andrews
6fac7ff1f9
1606. [bug] DVL insecurity proof was failing.
...
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
2004-05-14 04:45:58 +00:00
Mark Andrews
8d414d1559
1600. [bug] Duplicate zone pre-load checks were not case
...
insensitive.
1599. [bug] Fix memory leak on error path when checking named.conf.
1598. [func] Specify that certain parts of the namespace must
be secure (dnssec-must-be-secure).
2004-04-15 23:40:27 +00:00
Mark Andrews
3b1fce680f
1595. [func] New notify type 'master-only'. Enable notify for
...
master zones only.
2004-03-30 02:13:45 +00:00
Mark Andrews
c5cde9d5a7
1593. [bug] rndc should return "unknown command" to unknown
...
commands. [RT# 10642]
2004-03-22 01:46:01 +00:00
Mark Andrews
36fa8f333a
Update description: ISC_R_CONTINUE -> DNS_R_CONTINUE
2004-03-19 04:50:20 +00:00
Mark Andrews
1676408640
pullup silence compiler fixes
...
ifconfig.sh for Solaris 9
README updates
2004-03-18 02:58:08 +00:00
Mark Andrews
50105afc55
1589. [func] DNSSEC lookaside validation.
...
enable-dnssec -> dnssec-enable
2004-03-10 02:19:58 +00:00
Mark Andrews
dafcb997e3
update copyright notice
2004-03-05 05:14:21 +00:00
Mark Andrews
a03848252f
1580. [bug] Zone destuction on final detach takes a long time.
...
[RT #3746 ]
1579. [bug] Multiple task managers could not be created.
2004-03-04 06:56:41 +00:00
Mark Andrews
d5ad558234
1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
...
[RT #8934 ]
2004-03-02 02:37:11 +00:00
Mark Andrews
2047977ce2
1586. [func] "check-names" is now implemented.
2004-02-27 20:41:51 +00:00
Mark Andrews
89783da064
1581. [func] Disable DNSSEC support by default. To enable
...
DNSSEC specify "enable-dnssec yes;" in named.conf.
2004-02-17 03:40:23 +00:00
Mark Andrews
26cca757be
CD is state is returned to querier.
2004-01-21 14:13:51 +00:00
Mark Andrews
35541328a8
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
...
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
2004-01-14 02:06:51 +00:00
Mark Andrews
61fb42c4ef
1555. [func] 'rrset-order cyclic' now longer has a random starting
...
point. [RT #7572 ]
2004-01-12 04:19:42 +00:00
Mark Andrews
d0aebc5a55
1549. [func] named-checkzone can now write out the zone contents
...
in a easily parsable format (-D and -o).
2004-01-07 05:27:17 +00:00
Mark Andrews
185fd22738
1541. [func] NSEC now uses new bitmap format.
2003-12-13 04:20:44 +00:00
Tatuya JINMEI 神明達哉
e407562a75
1528. [cleanup] Simplify some dns_name_ functions based on the
...
deprecation of bitstring labels.
2003-10-25 00:31:12 +00:00
Mark Andrews
fcb54ce0a4
whitespace / layout
2003-10-17 03:46:46 +00:00
Mark Andrews
8d42bb315c
1522. [bug] dns_db_findnode() relax the requirements on 'name'.
...
[RT# 9286]
2003-10-03 03:12:35 +00:00
Mark Andrews
93d6dfaf66
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
2003-09-30 06:00:40 +00:00
Tatuya JINMEI 神明達哉
600cbd1fce
1515. [func] Allow transfer source to be set in a server statement.
...
[RT #6496 ]
implemented by marka, reviewed and documented by jinmei.
Notes:
lib/dns/zone.c had to be modified manually.
ARM html files were not regenerated (yet).
2003-09-25 18:16:50 +00:00
Mark Andrews
f4fb3dc516
remove extaneous semicolon
2003-09-19 14:35:03 +00:00
Mark Andrews
68a918e038
rootexlude -> rootexclude
...
free and initialise rootdelonly & rootexclude
buy -> by
2003-09-19 13:17:21 +00:00
Mark Andrews
0b1da8124c
1510. [func] New view option "root-delegation-only". Apply
...
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
2003-09-19 12:39:49 +00:00
Mark Andrews
4607e7a9b8
1504. [func] New zone type "delegation-only".
2003-09-17 05:24:43 +00:00
Mark Andrews
57443f34ba
remove redundant check [RT #8539 ]
2003-07-30 00:54:27 +00:00
Mark Andrews
1e107b3d7b
1495. [cleanup] Replace hash functions with universal hash.
2003-07-25 02:22:26 +00:00
Mark Andrews
182a34004c
1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
...
NXT bit maps. [RT #5577 ]
2003-04-17 03:43:35 +00:00
Mark Andrews
817314313f
missing #include's
2003-04-10 02:06:51 +00:00
Mark Andrews
8b5de97014
1448. [bug] Handle empty wildcards labels.
...
developer: marka
reviewer: explorer
2003-02-27 00:19:04 +00:00
Mark Andrews
80b782f356
1447. [bug] We were casting (unsigned int) to and from (void *).
...
rdataset->private4 is now rdataset->privateuint4
to reflect a type change.
developer: marka
reviewer: explorer
2003-02-26 23:52:30 +00:00
Mark Andrews
476386968b
1446. [func] Implemented undocumented alternate transfer sources
...
from BIND 8. See use-alt-transfer-source,
alt-transfer-source-v4 and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may caues a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certian
ISC recommends setting use-alt-transfer-source no;
developer: marka
reviewer: explorer
2003-02-26 23:29:00 +00:00
Mark Andrews
53cf671865
1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
...
been replaced with DNS_ADBFIND_STARTATZONE which
causes the search to start using the closest zone.
1444. [func] dns_view_findzonecut2() allows you to specify if the
cache should be searched for zonecuts.
developer: marka
reviewer: explorer
2003-02-26 22:54:29 +00:00
Mark Andrews
b312748a11
1442. [func] New fuctions for manipulating port lists:
...
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certian source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
developer: marka
reviewer: explorer
2003-02-26 05:05:16 +00:00
Mark Andrews
c3ea698877
1436. [func] dns_zonemgr_resumexfrs() can be used to restart
...
stalled transfers.
1435. [bug] zmgr_resume_xfrs() was being called read locked
rather than write locked. zmgr_resume_xfrs()
was not being called if the zone was being
shutdown.
1434. [bug] "rndc reconfig" failed to initiate the initial
zone transfer of new slave zones.
developer: marka
reviewer: explorer
2003-02-26 03:45:59 +00:00
Mark Andrews
e2fb08b85d
1432. [func] The advertised EDNS UDP buffer size can now be set
...
via named.conf (edns-udp-size).
developer: marka
reviewer: explorer
2003-02-26 02:04:00 +00:00
Mark Andrews
71dfe8bb7a
spelling
2003-02-26 01:21:09 +00:00
Mark Andrews
b587e1d83f
spelling
2003-02-07 01:13:13 +00:00
Mark Andrews
a1301ef891
undo (wrong branch)
2003-02-04 06:10:09 +00:00
Mark Andrews
ab4bec8504
checkpoint
2003-02-04 05:44:32 +00:00
Mark Andrews
421e4cf66e
1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
...
[RT #4715 ]
developer: marka
reviewer: explorer
2003-01-18 03:18:31 +00:00
Mark Andrews
b0c15bd979
1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
...
from SOA MINIMUM.
1414. [func] Support for KSK flag.
2003-01-18 02:40:59 +00:00
Mark Andrews
0ffaee887f
1412. [func] You can now specify servers to be tried if a nameserver
...
has IPv6 address and you only support IPv4 or the
reverse. See dual-stack-servers.
2003-01-16 03:59:28 +00:00
Mark Andrews
c86eed4bde
1410. [func] handle records that live in the parent zone, e.g. DS.
...
developer: marka
reviewer: explorer
2003-01-14 00:28:50 +00:00
Mark Andrews
3c2127744f
update comment
2003-01-10 02:43:56 +00:00
Mark Andrews
6874dcf6a0
style
2002-12-31 05:40:15 +00:00
Mark Andrews
49a940dc68
1402. [cleanup] A6 has been moved to experimental and is no longer
...
fully supported.
developer: jinmei
reviewer: marka
2002-11-27 09:52:58 +00:00
Michael Graff
e903df2f01
merge 4319
2002-11-12 23:58:14 +00:00
Michael Graff
6434457b0b
merge 4090
2002-11-12 23:24:45 +00:00
Mark Andrews
aa39170da8
1394. [func] It is now possible to check if a particular element is
...
in a acl. Remove duplicate entries from the localnets
acl.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
listening on IPv4 interfaces.
developer: jinmei
reviewer: marka
2002-10-29 04:40:26 +00:00
Mark Andrews
75ace6601e
1379. [func] 'rndc stats' now reports tcp and recursion quota
...
states.
1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1377. [func] dns_zone_load{new}() now reports if the zone was
loaded, queued for loading to up to date.
1376. [func] New function dns_zone_logc() to log to specified
category.
2002-09-10 02:23:46 +00:00
Tatuya JINMEI 神明達哉
e992af4209
fixed a bug that named crashes with an assertion failure on exit when sharing
...
the same port for listening and querying, and changing listening addresses
several times. [RT# 3509]
additionally,
+ limited the canceled socket tasks in dispatch.c
+ made dns_dispatch_changeattributes() care about the NOLISTEN mask
+ described side effects of dns_dispatch_changeattributes() in its
description comment
2002-09-04 02:26:13 +00:00
Mark Andrews
b6309ed962
developer: jinmei
...
reviewer: marka
1368. [func] remove support for bitstring labels.
2002-08-27 04:53:43 +00:00
Mark Andrews
5bd76af084
1358. [func] log the reason for rejecting a server when resolving
...
queries.
2002-08-09 06:12:50 +00:00
Mark Andrews
4c342614f8
1354. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
2002-08-06 01:50:28 +00:00
Mark Andrews
87f4715d6c
1344. [func] Log if the serial number on the master has gone backwards.
...
If you have multiple machines specified in the masters
clause you may want to set 'multi-master yes;' to suppress
this warning.
2002-07-29 06:58:46 +00:00
Mark Andrews
f0471ca4b7
1336. [func] Nibble lookups under IP6.ARPA are now supported by
...
dns_byaddr_create(). dns_byaddr_createptrname() is
deprecated, use dns_byaddr_createptrname2() instead.
2002-07-24 06:42:32 +00:00
Mark Andrews
c54c1eaf26
1251. [func] Generate DNSSEC wildcard proofs.
2002-07-19 03:50:42 +00:00
Mark Andrews
ff30cdeb78
The validator didn't handle missing DS records correctly.
2002-07-19 03:29:15 +00:00
Mark Andrews
4d9f3f00d9
1249. [func] named-checkzone will now check if nameservers that
...
appear to be IP addresses. Available modes "fail",
"warn" (default) and "ignore" the results of the
check.
2002-07-19 02:34:58 +00:00
Mark Andrews
d196b45738
1248. [bug] The validator could incorrectly verify an invalid
...
negative proof.
2002-07-15 03:27:44 +00:00
Mark Andrews
de49761421
1330. [bug] 'rndc stop' failed to cause zones to be flushed
...
sometimes. [RT #3157 ]
2002-06-19 07:14:48 +00:00
Mark Andrews
0b09763c35
1328. [func] DS (delegation signer) support.
2002-06-17 04:01:37 +00:00
Mark Andrews
7d389c324c
1324. [func] New function: dns_zone_name().
2002-06-13 07:05:47 +00:00
Mark Andrews
c8aa2c8311
1204. [bug] The RTT estimate on unused servers was not aged.
...
[RT #2569 ]
2002-05-27 06:30:25 +00:00
Mark Andrews
b9efcf0a37
1297. [func] You can now create your own customised printing
...
styles: dns_master_stylecreate() and
dns_master_styledestroy().
2002-05-21 06:12:45 +00:00
Mark Andrews
c4a9ce445c
1274. [func] preferred-glue option from BIND 8.3.
2002-04-26 00:40:37 +00:00
Mark Andrews
7791dd06ea
1242. [bug] named-checkzone failed if a journal existed. [RT #2657 ]
2002-04-02 06:54:07 +00:00
Brian Wellington
4b171ebd70
1229. [bug] named would crash if it received a TSIG signed
...
query as part of an AXFR response. [RT #2570 ]
2002-03-14 18:34:48 +00:00
Brian Wellington
6585d8782b
the region passed to dns_name_fromregion() can be const.
2002-03-14 00:36:07 +00:00
Mark Andrews
603d1d1e20
1225. [func] dns_message_setopt() no longer requires that
...
dns_message_renderbegin() to have been called.
2002-03-11 01:59:16 +00:00
Brian Wellington
231ffa6c85
add a new result code so that parsing a bad KEY record doesn't result in
...
"unknown class/type".
2002-03-08 01:38:57 +00:00
Mark Andrews
2dd99c098c
1234. [bug] 'rrset-order' and 'sortlist' should be additive
...
not exclusive.
1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
are supported.
2002-03-07 13:46:41 +00:00
Brian Wellington
df5e0316a7
- add the missing typedef for dns_order_t
...
- change the order of parameters to dns_order_create() for consistency
- add multiple inclusion protection to order.h
- fix a couple of typos
2002-03-07 07:48:48 +00:00
Mark Andrews
f4ea263511
rrset-order support.
2002-03-07 06:29:37 +00:00
Brian Wellington
011dc51eee
dns_master_loadlexer[inc], to load master files from existing lexers
2002-02-21 00:45:11 +00:00
Brian Wellington
8cf24d101a
add dns_rdataslab_tordataset()
2002-02-20 22:57:13 +00:00
Mark Andrews
a7038d1a05
copyrights
2002-02-20 03:35:59 +00:00
Andreas Gustafsson
6a8832f784
There are four "i":s in "initialize"
2002-02-20 01:45:15 +00:00
Brian Wellington
8d87d1d81c
DNS_R_NOMEM -> ISC_R_NOMEMORY
2002-02-19 23:46:32 +00:00
Andreas Gustafsson
2d6ff29a07
spelling
2002-02-19 22:58:29 +00:00
Mark Andrews
23cb957a81
1201. [bug] Require that if 'callbacks' is passed to
...
dns_rdata_fromtext(), callbacks->error and
callbacks->warn are initalised.
2002-02-12 03:45:54 +00:00
