ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
33,116 Commits 589 Branches 805 Tags
09964e8085494bffb4f8038be30babfaafe66ea3
Commit Graph

6101 Commits

Author SHA1 Message Date
Matthijs Mekking
ad63e9e4f8 Fix signatures-validity config option 
KASP was using 'signatures-validity-dnskey' instead of
'signatures-validity'.
 2021-01-12 10:54:48 +00:00
Michal Nowak
358c133ee2 Update copyright date in man pages 2021-01-11 12:27:17 +01:00
Michał Kępień
34cb46aed0 Make sure ddns-confgen man page stays up to date 2021-01-11 12:27:17 +01:00
Matthijs Mekking
aa69753470 Fix current release notes 
Remove entry that was release in 9.17.8 already.
 2021-01-11 12:21:03 +01:00
Matthijs Mekking
e15a433b23 Update serve-stale config defaults 
Change the serve-stale configuration defaults so that they match the
recommendations from RFC 8767.
 2021-01-11 11:13:45 +01:00
Michał Kępień
f96e6a1e1d Add the ISC DNSSEC Guide as a BIND 9 ARM appendix 
Add the ISC DNSSEC Guide to the BIND 9 ARM in order to include the
former in every BIND release.
 2021-01-08 13:12:20 +01:00
Mark Andrews
584e589d84 Add release note 2021-01-06 15:28:23 +11:00
Mark Andrews
faf9d8beba update for 2021 2021-01-04 11:52:00 +11:00
Matthijs Mekking
2e7ccecefe Fixup notes 
I screwed up the notes in !4474
 2020-12-23 12:03:26 +01:00
Matthijs Mekking
08b6e8c2c9 Add notes for [#2341] 
Mention the bugfix in the release.
 2020-12-23 11:43:03 +01:00
Matthijs Mekking
7825d8f916 Add documentation and notes for [#1750] 2020-12-23 09:10:13 +01:00
Mark Andrews
fc4af548e7 Add CHANGES and release notes for [GL #2245] 2020-12-23 09:16:26 +11:00
JP Mens
4658a1e657 Adjust number of rule types from 13 to the 16 there are. (16 is accurately specified further down in the section.) 2020-12-20 09:56:44 +00:00
Michał Kępień
7c1c021fc5 Set up release notes for BIND 9.17.9 2020-12-16 22:09:14 +01:00
Michał Kępień
a5f1af7c14 Prepare release notes for BIND 9.17.8 2020-12-16 22:05:50 +01:00
Michał Kępień
af58fcc92a Add release note for GL #2321 2020-12-16 22:05:50 +01:00
Michał Kępień
552418b68c Add release note for GL #1816 2020-12-16 22:05:50 +01:00
Michał Kępień
bdc45c82c5 Reorder release notes 2020-12-16 22:05:50 +01:00
Michał Kępień
0f889b9c7d Tweak and reword release notes 2020-12-16 22:05:50 +01:00
Michał Kępień
2ecff5dc43 Fix formatting of "dnssec-policy" documentation 2020-12-16 22:05:50 +01:00
Michal Nowak
befcbcac28 Fix a reference to rndc(8) in named(8) manual page 2020-12-14 13:10:10 +01:00
Ondřej Surý
ba887a688c Add CHANGES and release notes for GL #2058 2020-12-12 07:15:45 +01:00
Mark Andrews
eb1b29b19e Update dnssec-signzone -N soa-serial-format description 
document the autoincrement when the serial would go backwards.
 2020-12-11 10:48:28 +01:00
Mark Andrews
88943974de Add release note entry 2020-12-11 14:17:52 +11:00
Mark Andrews
6d10a57397 Add RFC 7050 and RFC 8880 to rfc-compliance 2020-12-11 14:17:52 +11:00
Mark Andrews
64c45abab2 Document ipv4only-enable, ipv4only-contact and ipv4only-server. 2020-12-11 14:17:52 +11:00
Mark Andrews
c51ef23c22 Implement ipv4only.arpa forward and reverse zones as per RFC 8880. 2020-12-11 14:16:40 +11:00
Ondřej Surý
5e1a23a1b6 Add CHANGES and release note for GL #2137 2020-12-03 09:23:24 +01:00
Ondřej Surý
c7d81f12f8 Add CHANGES and release not for GL #2250 2020-12-02 11:07:01 +01:00
Ondřej Surý
79c196fc77 Change the default value for nocookie-udp-size back to 4096 
The DNS Flag Day 2020 reduced all the EDNS buffer sizes to 1232.  In
this commit, we revert the default value for nocookie-udp-size back to
4096 because the option is too obscure and most people don't realize
that they also need to change this configuration option in addition to
max-udp-size.
 2020-12-02 11:06:42 +01:00
Ondřej Surý
c26a2ea134 Add release note for known issue #2137 2020-12-01 16:47:25 +01:00
Mark Andrews
ab0bf49203 Adjust default value of "max-recursion-queries" 
Since the queries sent towards root and TLD servers are now included in
the count (as a result of the fix for CVE-2020-8616),
"max-recursion-queries" has a higher chance of being exceeded by
non-attack queries.  Increase its default value from 75 to 100.
 2020-12-01 23:47:23 +11:00
Mark Andrews
356243aaec Add release note for [GL #2315] 2020-12-01 10:52:41 +01:00
Mark Andrews
d0dd71380b Add release note for [GL #2275] 2020-11-26 20:48:46 +00:00
Michał Kępień
2011a86881 Set up release notes for BIND 9.17.8 2020-11-26 12:16:49 +01:00
Michał Kępień
3a447d02b4 Prepare release notes for BIND 9.17.7 2020-11-26 12:12:17 +01:00
Michał Kępień
42cf594b37 Add release note for GL #2244 2020-11-26 12:12:17 +01:00
Michał Kępień
563f8a78e9 Add release note for GL #2236 2020-11-26 12:12:17 +01:00
Michał Kępień
572bc05aca Add release note for GL #1736 2020-11-26 12:12:17 +01:00
Michał Kępień
a4dea3c70c Reorder release notes 2020-11-26 12:12:17 +01:00
Michał Kępień
59221c4b3b Tweak and reword release notes 2020-11-26 12:12:17 +01:00
Matthijs Mekking
6b5d7357df Detect NSEC3 salt collisions 
When generating a new salt, compare it with the previous NSEC3
paremeters to ensure the new parameters are different from the
previous ones.

This moves the salt generation call from 'bin/named/*.s' to
'lib/dns/zone.c'. When setting new NSEC3 parameters, you can set a new
function parameter 'resalt' to enforce a new salt to be generated. A
new salt will also be generated if 'salt' is set to NULL.

Logging salt with zone context can now be done with 'dnssec_log',
removing the need for 'dns_nsec3_log_salt'.
 2020-11-26 10:43:59 +01:00
Matthijs Mekking
6f97bb6b1f Change nsec3param salt config to saltlen 
Upon request from Mark, change the configuration of salt to salt
length.

Introduce a new function 'dns_zone_checknsec3aram' that can be used
upon reconfiguration to check if the existing NSEC3 parameters are
in sync with the configuration. If a salt is used that matches the
configured salt length, don't change the NSEC3 parameters.
 2020-11-26 10:43:59 +01:00
Matthijs Mekking
9adad77ac3 Add changes and notes for kasp NSEC3 support 
This feature is news worthy.
 2020-11-26 10:43:58 +01:00
Matthijs Mekking
f7ca96c805 Add kasp nsec3param configuration 
Add configuration and documentation on how to enable NSEC3 when
using dnssec-policy for signing your zones.
 2020-11-26 10:43:27 +01:00
Mark Andrews
fbad04a51a Add release note 2020-11-25 08:25:29 +11:00
Mark Andrews
9a224a3c27 add +dns64prefix to dig to display any DNS64 prefixes at IPV4ONLY.ARPA 2020-11-25 08:25:29 +11:00
Mark Andrews
e980affba0 Fix DNAME when QTYPE is CNAME or ANY 
The synthesised CNAME is not supposed to be followed when the
QTYPE is CNAME or ANY as the lookup is satisfied by the CNAME
record.
 2020-11-19 10:18:01 +11:00
Diego Fronza
1ba2215c29 Update ARM and other documents 2020-11-11 12:53:24 -03:00
Diego Fronza
b4c997537b Add CHANGES and release notes entry 2020-11-11 12:53:24 -03:00