4521. [cleanup] Log it as an error if an entropy source is not
found and there is no fallback available. [RT #43659]
(cherry picked from commit 6bdb70057d)
4433. [cleanup] Report an error when passing an invalid option or
view name to "rndc dumpdb". [RT #42958]
(cherry picked from commit c38d989fdd)
(cherry picked from commit 17de0f290c)
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207]
4256. [bug] Allow rndc command arguments to be quoted so as
to allow spaces. [RT #36665]
(cherry picked from commit b513918481)
(cherry picked from commit d1ce32ad70)
3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.
- "fetches-per-server" limits the number of
simultaneous queries that can be sent to any
single authoritative server. The configured
value is a starting point; it is automatically
adjusted downward if the server is partially or
completely non-responsive. The algorithm used to
adjust the quota can be configured via the
"fetch-quota-params" option.
- "fetches-per-zone" limits the number of
simultaneous queries that can be sent for names
within a single domain. (Note: Unlike
"fetches-per-server", this value is not
self-tuning.)
- New stats counters have been added to count
queries spilled due to these quotas.
These options are not available by default;
use "configure --enable-fetchlimit" (or
--enable-developer) to include them in the build.
See the ARM for details of these options. [RT #37125]
4006. [security] A flaw in delegation handling could be exploited
to put named into an infinite loop. This has
been addressed by placing limits on the number
of levels of recursion named will allow (default 7),
and the number of iterative queries that it will
send (default 50) before terminating a recursive
query (CVE-2014-8500).
The recursion depth limit is configured via the
"max-recursion-depth" option. [RT #35780]
3822. [bug] Log the correct type of static-stub zones when
removing them. [RT #35842]
(cherry picked from commit eb1a7730f0)
(cherry picked from commit 00e9952c41)
declarations despite being documented. This is
needed to support turning off forwarding and turning
on delegation only at the same name. [RT #35392]
(cherry picked from commit 38eabfcee7)
3731. [func] Added a "no-case-compress" ACL, which causes
named to use case-insensitive compression
(disabling change #3645) for specified
clients. (This is useful when dealing
with broken client implementations that
use case-sensitive name comparisons,
rejecting responses that fail to match the
capitalization of the query that was sent.)
[RT #35300]
(cherry picked from commit 166341d554)
