Commit Graph

641 Commits

Author SHA1 Message Date
Evan Hunt
21113a1649 [v9_9] clarify managed-keys syntax
(cherry picked from commit 54ca241334)
2013-01-10 12:00:18 -08:00
Tinderbox User
04b852c0b4 update copyright notice 2013-01-04 23:45:39 +00:00
Evan Hunt
8d9207a17b [v9_9] allow-query-on works now
3448.	[bug]		The allow-query-on ACL was not processed correctly.
			[RT #29486]
(cherry picked from commit 222d38735f)
2013-01-03 15:14:17 -08:00
Jeremy C. Reed
1f1c4a9f29 Remove link to AUSCERT article about ACLs. It has been broken
for at least 6 years.
See ticket #16479 for details.
No CHANGES entry added.
This was not reviewed. It is minor.
2012-11-30 10:40:16 +11:00
Evan Hunt
71d99e04c4 [v9_9] s/size spec/size_spec/ 2012-11-27 22:48:07 -08:00
Jeremy C. Reed
f701199ce4 [master] fix spelling
Noticed one while reading during Alan's training today.
Fixed two other misspellings while here.

Conflicts:
	doc/arm/Bv9ARM-book.xml
2012-11-07 09:04:48 +11:00
Evan Hunt
d708e4c4f1 [v9_9] allow dnssec options in inline-signing slaves
3408.	[bug]		Some DNSSEC-related options (update-check-ksk,
			dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
			are now legal in slave zones as long as
			inline-signing is in use. [RT #31078]
(cherry picked from commit f46168b879)
2012-10-26 16:15:48 -07:00
Evan Hunt
ea6aa47f47 [v9_9] note RPZ performance issues in ARM 2012-10-25 18:06:45 -07:00
Evan Hunt
77c9c35975 [v9_9] fix ulink typo 2012-10-25 09:21:32 -07:00
Mark Andrews
a6d4848f6e 3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
                        [RT #31336]
2012-10-16 12:35:28 +11:00
Evan Hunt
2b58833f58 improve managed-keys-directory documentation 2012-09-25 16:33:27 -07:00
Evan Hunt
efc3ebed17 support '-' salt in rndc signing -nsec3param
3361.	[bug]		"rndc signing -nsec3param" didn't work correctly
			when salt was set to '-' (no salt). [RT #30099]
2012-08-13 22:25:16 -07:00
Mark Andrews
7c25aaf620 3341. [func] New "dnssec-verify" command checks a signed zone
to ensure correctness of signatures and of NSEC/NSEC3
                        chains. [RT #23673]
2012-06-25 14:57:32 +10:00
Mark Andrews
acebc2457c 3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-20 21:34:24 +10:00
Mark Andrews
4db66665f5 3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
                        [RT #29623]
2012-06-08 12:38:48 +10:00
Vernon Schryver
f05089ea5c For rt26172:
Add
      - optional "recursive-only yes|no" to the response-policy statement
      - optional max-policy-ttl to limit the lies that "recursive-only no"
          can introduce into resolvers' caches
      - test that queries with RD=0 are not rewritten by default
      - performance smoke test

    Change encoding of PASSTHRU action to "rpz-passthru".
          (The old encoding is still accepted.)
    Fix rt26180  assert botch in zone_findrdataset() in this branch
         as well.

    Fix missing signatures on NOERROR results despite RPZ hits
        when there are signatures and the client asks for DNSSEC,
2012-06-01 01:03:43 +00:00
Evan Hunt
0f633846a0 fixed ARM typo: s/replacable/replaceable/ 2012-05-30 08:16:15 -07:00
Tinderbox User
c201888c2a regen v9_9 2012-03-07 01:59:30 +00:00
Evan Hunt
f94af76649 Revert "added gitignore, removed cvsignore"
This reverts commit e8ae173655.
2012-03-05 08:24:17 -08:00
Evan Hunt
e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Evan Hunt
06dc836ca3 Updated the query log message format example in the ARM, and added a
bit of text explaining that the same format is used for all
log messages related to the same query.  Trivial; not bothering
with a ticket or review.
2012-01-15 21:16:04 +00:00
Automatic Updater
53c234d9d3 update copyright notice 2012-01-06 23:46:42 +00:00
Evan Hunt
19c4187e35 3261. [func] RRset ordering now defaults to random. [RT #27174] 2012-01-06 19:00:13 +00:00
Evan Hunt
7486f4e794 Reworded the "inline-signing" doc slightly to remove what had appeared to
be a typo in the printed ARM.  No CHANGES note.
2011-11-23 18:58:39 +00:00
Evan Hunt
13790b548c 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188] 2011-11-09 05:52:42 +00:00
Evan Hunt
36a13a94c5 new "dnssec-lookaside" option is "no", not "off" 2011-11-07 00:25:53 +00:00
Mark Andrews
ac43690858 3209. [func] Add "dnssec-lookaside 'off'". [RT #24858] 2011-11-07 00:14:11 +00:00
Automatic Updater
84bc9a5840 add missing </term> 2011-11-04 02:25:17 +00:00
Evan Hunt
f550b4b104 3201. [func] 'rndc querylog' can now be given an on/off parameter
instead of only being used as a toggle. [RT #18351]
2011-11-03 23:05:31 +00:00
Evan Hunt
6150d3cb66 3200. [doc] Some rndc functions were undocumented or were
missing from 'rndc -h' output. [RT #25555]
2011-11-03 22:06:21 +00:00
Evan Hunt
2a7ac74960 remove 1/8 and 2/8 from bogusnets example 2011-11-03 04:53:27 +00:00
Evan Hunt
0c25a44aac 3194. [doc] Updated RFC references in the 'empty-zones-enable'
documentation. [RT #25203]
2011-11-03 03:08:33 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones:
			 - 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
			   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
Evan Hunt
9570ddcd41 3180. [func] Local copies of slave zones are now saved in raw
format by default, to improve startup performance.
			'masterfile-format text;' can be used to override
			the default, if desired. [RT #25867]
2011-10-26 15:23:37 +00:00
Mark Andrews
b1c6de5456 3177. [func] 'rndc keydone', remove the indicator record that
named has finished signing the zone with the
                        corresponding key.  [RT #26206]
2011-10-25 01:54:22 +00:00
Automatic Updater
085e84f19b add missing </listitems> 2011-10-13 23:44:47 +00:00
Vernon Schryver
9fee08f655 Commit rt25172 changes to HEAD including
  - fix precedence among competing rules
  - improve ARM text including documenting rule precedence
  - try to rewrite CNAME chains until first hit
  - new "rpz" logging channel
  - same fix for "NS ." as in RT 24985
2011-10-13 01:32:34 +00:00
Mark Andrews
3952b16164 fix default for sig-signing-type 2011-10-06 11:50:20 +00:00
Mark Andrews
6e1b287107 rt21764 session-* fixes 2011-10-06 11:31:57 +00:00
Scott Mann
fad5116b3d Remove the ixfr-from-differences side-effect which causes an AXFR and extend
request-ixfr to the zone level.
2011-09-06 22:29:33 +00:00
Mark Andrews
9198ab377b 3147. [func] Initial inline signing support. [RT #23657] 2011-08-30 05:16:15 +00:00
Mark Andrews
ce97ba9c94 unbalance tag <replaceable> x2 2011-08-03 01:19:10 +00:00
Evan Hunt
0127993480 3140. [func] New command "rndc flushtree <name>" clears the
specified name from the server cache along with
			all names under it. [RT #19970]
2011-08-02 20:36:13 +00:00
Evan Hunt
cf63d32d55 3136. [func] Add RFC 1918 reverse zones to the list of built-in
empty zones switched on by the 'empty-zones-enable'
			option. [RT #24990]
2011-07-28 03:18:17 +00:00
Mark Andrews
a69070d8fa 3130. [func] Support alternate methods for managing a dynamic
zone's serial number.  Two methods are currently
                        defined using serial-update-method, "increment"
                        (default) and "unixtime".  [RT #23849]
2011-07-01 02:25:48 +00:00
Mark Andrews
0fc9a7b571 9.9 not 9.7 2011-06-21 05:33:21 +00:00
Evan Hunt
5e3affc6a0 3127. [bug] 'rndc thaw' will now remove a zone's journal file
if the zone serial number has been changed and
			ixfr-from-differences is not in use.  [RT #24687]
2011-06-10 01:32:38 +00:00
Mark Andrews
475b1ed9cc 3126. [security] Using DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
2011-06-09 03:10:17 +00:00
Evan Hunt
c5660d514b grammar repair 2011-05-23 20:11:14 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates
of DNSSEC records in signed dynamic zones.  Set to
			'no-resign' to disable automatic RRSIG regeneration
			while retaining the ability to sign new or changed
			data. [RT #24533]
2011-05-23 20:10:03 +00:00