ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
14,998 Commits 589 Branches 805 Tags
05ab656e4a8e4bd4eaa62a5dc464ccb3d7ae7db2
Commit Graph

349 Commits

Author SHA1 Message Date
Mark Andrews
cfe92110ce 2007. [func] It is now possible to explicitly enable DNSSEC 
validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]
 2006-03-09 23:21:54 +00:00
Mark Andrews
fe6f384b2e 2006. [security] Allow-query-cache and allow-recursion now default 
to the builtin acls "localnets" and "localhost".

                        This is being done to make caching servers less
                        attractive as reflective amplifying targets for
                        spoofed traffic.  This still leave authoritative
                        servers exposed.

                        The best fix is for full BCP 38 deployment to
                        remove spoofed traffic.
 2006-03-09 03:30:18 +00:00
Mark Andrews
59d84d1b07 2001. [func] Check the KSK flag when updating a secure dynamic zone. 
New zone option "update-check-ksk yes;".  [RT #15817]
 2006-03-06 01:27:52 +00:00
Mark Andrews
95b484c958 fix minor typos 2006-02-26 22:57:18 +00:00
Mark Andrews
7d4a465de0 1597. [func] Allow notify-source and query-source to be specified 
on a per server basis similar to transfer-source.
 2006-02-17 00:24:21 +00:00
Mark Andrews
6e373c5025 1983. [func] Two new update policies. "selfsub" and "selfwild". 
[RT #12895]
 2006-02-16 01:34:24 +00:00
Mark Andrews
4e7d13747a delegation-only is valid for type forward 2006-01-30 00:38:14 +00:00
Mark Andrews
cf029c9369 1974. [doc] List each of the zone types and associated zone 
options seperately in the ARM.
 2006-01-30 00:26:37 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00
Mark Andrews
dc6da18ccb 1964. [func] Seperate out MX and SRV to CNAME checks. [RT #15723] 2006-01-05 23:45:34 +00:00
Mark Andrews
3e3eae9127 unbalanced <term>'s 2006-01-05 11:52:32 +00:00
Mark Andrews
a1bc941093 1959. [func] Control the zeroing of the negative response TTL to 
a soa query.  Defaults "zero-no-soa-ttl yes;" and
                        "zero-no-soa-ttl-cache no;". [RT #15460]
 2006-01-05 02:19:02 +00:00
Mark Andrews
08c9026166 1953. [func] Named now falls back to advertising EDNS with a 
512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
 2006-01-05 00:01:46 +00:00
Mark Andrews
acb4f52369 update copyright notice 2006-01-04 23:50:24 +00:00
Mark Andrews
2b66a51a7d 1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() 
a TCP socket. This prevents the source address being
                        set for TCP connections. [RT #15628]
 2006-01-04 04:15:55 +00:00
Mark Andrews
fabf2ee6b0 1947. [func] It is now possible to configure named to accept 
expired RRSIGs.  Default "dnssec-accept-expired no;".
                        Setting "dnssec-accept-expired yes;" leaves named
                        vulnerable to replay attacks.  [RT #14685]
 2006-01-04 02:35:49 +00:00
Mark Andrews
cf224bbf7b 1942. [bug] If the name of a DNSKEY match that of one in 
trusted-keys do not attempt to validate the DNSKEY
                        using the parents DS RRset. [RT #15649]
 2005-12-04 23:54:01 +00:00
Mark Andrews
60ab03125c 1939. [bug] The resolver could dereference a null pointer after 
validation if all the queries have timed out.
                        [RT #15528]

1938.   [bug]           The validator was not correctly handling unsecure
                        negative responses at or below a SEP. [RT #15528]
 2005-11-03 00:51:55 +00:00
Mark Andrews
185f838667 move clients-per-query to tuning 2005-11-02 22:26:48 +00:00
Mark Andrews
634b0f68d1 update forwarders description 2005-10-10 00:16:57 +00:00
Mark Andrews
1f7013c1a1 spelling 2005-09-13 01:37:13 +00:00
Mark Andrews
2c15fcdeac seperate out sibling glue checks 2005-08-24 23:54:04 +00:00
Mark Andrews
6b79e960e6 1913. [func] Automatic empty zone creation for D.F.IP6.ARPA and 
friends.  Note: RFC 1918 zones are not yet covered by
                        this but are likely to be in a future release.

                        New options: empty-server, empty-contact,
                        empty-zones-enable and disable-empty-zone.
 2005-08-18 00:57:31 +00:00
Mark Andrews
5a4557e8de gregen 2005-07-19 06:12:24 +00:00
Mark Andrews
b5ad6dfea4 1903. [doc] Review ARM for BIND 9.4. 2005-07-19 04:55:25 +00:00
Mark Andrews
fd780f3d47 1891. [func] Limit the number of recursive clients that can be 
waiting for a single query (<qname,qtype,qclass>) to
                        resolve.  New options clients-per-query and
                        max-clients-per-query.
 2005-06-27 00:15:45 +00:00
Mark Andrews
147dd99912 missing </listitem> 2005-06-20 01:11:57 +00:00
Mark Andrews
a903095bf4 1817. [func] add support for additional zone file formats for 
improving loading performance.  The masterfile-format
                        option in named.conf can be used to specify a
                        non-default format.  A new separate command
                        named-compilezone was provided to generate zone files
                        in a new format.
 2005-06-20 01:05:33 +00:00
Mark Andrews
9eca2b9b95 1864. [bug] Don't try the alternative transfer source if you 
got a answer / transfer with the main source
                        address. [RT #14802]
 2005-06-07 01:21:32 +00:00
Mark Andrews
1c153afce5 1868. [func] edns-udp-size can now be overridden on a per 
server basis. [RT #14851]
 2005-06-07 00:27:34 +00:00
Mark Andrews
c5223c9cb7 1862. [func] Add additional zone data constancy checks. 
named-checkzone has extended checking of NS, MX and
                        SRV record and the hosts they reference.
                        named has extended post zone load checks.
                        New zone options: check-mx and integrity-check.
                        [RT #4940]
 2005-05-19 04:59:05 +00:00
Mark Andrews
f5d30e2864 update copyright notice 2005-05-13 01:35:48 +00:00
Rob Austein
268a447506 1856. [doc] Switch Docbook toolchain from DSSSL to XSL. 2005-05-11 05:55:41 +00:00
Mark Andrews
f0b796c9d2 document named-checkzone -W 2005-04-08 04:51:21 +00:00
Mark Andrews
b08289e4e3 update named-checkzone/rndc descriptions to 9.3 level. 2005-04-08 04:42:46 +00:00
Mark Andrews
1f35c769f8 repeated word 2005-03-16 02:53:08 +00:00
Mark Andrews
4844ed026a 1798. [func] The server syntax has been extended to support a 
range of servers.  [RT #11132]
 2005-01-17 00:46:05 +00:00
Mark Andrews
ad5bc22a81 1797. [func] named-checkconf now check acls to verify that they 
only refer to existing acls. [RT #13101]
 2005-01-11 03:46:11 +00:00
Mark Andrews
508f61f8d6 1794. [func] Named and named-checkzone can now both check for 
non-terminal wildcard records.
 2005-01-09 23:40:04 +00:00
Tatuya JINMEI 神明達哉
d0eb2cc33c 1526. [func] Implemented "additional section caching (or acache)", 
an internal cache framework for additional section
			content to improve response performance.  Several
			configuration options were provided to control the
			behavior.
 2004-12-21 10:45:20 +00:00
Mark Andrews
73fb13fe97 1755. [func] allow-update is now settable at the options / view 
level. [RT #6636]
 2004-11-11 01:08:24 +00:00
Mark Andrews
49210da3fb 1676. [func] New option "allow-query-cache". This lets 
allow-query be used to specify the default zone
                        access level rather than having to have every
                        zone override the global value.  allow-query-cache
                        can be set at both the options and view levels.
                        If allow-query-cache is not set allow-query applies.
 2004-10-21 00:58:33 +00:00
Mark Andrews
4181218570 1747. [bug] BIND 8 compatability: named/named-checkconf failed 
to parse "host-statistics-max" in named.conf.
 2004-10-17 23:11:30 +00:00
Mark Andrews
1672cff96d 1684. [func] ixfr-from-differences now takes master and slave in 
addition to yes and no at the options and view levels.
 2004-10-14 00:49:34 +00:00
Mark Andrews
207f0a15bb 1705. [func] Allow the journal's name to be changed via named.conf. 2004-10-07 02:15:14 +00:00
Mark Andrews
0553f5554f 1729. [func] Improve check-names error messages. 
1728.   [doc]           Update check-names documentation.

1727.   [bug]           named-checkzone: check-names support didn't match
                        documentation.
 2004-10-06 05:56:29 +00:00
Mark Andrews
09b2400763 1698. [doc] Use reserved IPv6 documentation prefix. 2004-08-16 00:34:33 +00:00
Tatuya JINMEI 神明達哉
31c0550dad s/6 to 4/Dual-stack/ [RT #12258] 2004-08-15 04:48:19 +00:00
Tatuya JINMEI 神明達哉
c8c03e7410 listen-on-v6 is not a "statement", but an "option". 2004-08-12 08:27:24 +00:00
Tatuya JINMEI 神明達哉
0b6128a682 revised wording a bit in the previous change. 2004-07-29 22:59:53 +00:00