4801. [func] 'dnssec-lookaside auto;' and 'dnssec-lookaside .
trust-anchor dlv.isc.org;' now elicit warnings rather
than being fatal configuration errors. [RT #46410]
(cherry picked from commit f5e1b555c5)
4780. [bug] When answering ANY queries, don't include the NS
RRset in the authority section if it was already
in the answer section. [RT #44543]
(cherry picked from commit b7b76d6b85)
4777. [cleanup] Removed a redundant call to configure_view_acl().
[RT #46369]
(cherry picked from commit 89636d8f30)
(cherry picked from commit a06198688f)
4769. [bug] Enforce the requirement that the managed keys
directory (specified by "managed-keys-directory",
and defaulting to the working directory if not
specified) must be writable. [RT #46077]
(cherry picked from commit 56e30ebae6)
4762. [func] "update-policy local" is now restricted to updates
from local addresses. (Previously, other addresses
were allowed so long as updates were signed by the
local session key.) [RT #45492]
record trust-anchor-telementry in incoming requests.
Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
are logged. [RT #46124]
(cherry picked from commit b41c1aacbc)
(cherry picked from commit 1c8aa38b53)
4749. [func] The ISC DLV service has been shut down, and all
DLV records have been removed from dlv.isc.org.
- Removed references to ISC DLV in documentation
- Removed DLV key from bind.keys
- No longer use ISC DLV by default in delv
[RT #46155]
4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of
strlcpy() and strlcat() for safety. [RT #45981]
(cherry picked from commit 114f95089c)
(cherry picked from commit 7cd594b842)
4678. [cleanup] Turn on minimal responses for CDNSKEY and CDS in
addition to DNSKEY and DS. Thanks to Tony Finch.
[RT #45690]
(cherry picked from commit 391a3a2f20)
4670. [cleanup] Ensure that a request MAC is never sent back
in an XFR response unless the signature was
verified. [RT #45494]
(cherry picked from commit 0ad72b96d2)
(cherry picked from commit 37f6466aa3)
4531. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
(cherry picked from commit 3440cf9c60)
