Commit Graph

4341 Commits

Author SHA1 Message Date
Evan Hunt
83eecff731 [master] adjust default -U
3751.	[tuning]	The default setting for the -U option (setting
			the number of UDP listeners per interface) has
			been adjusted to improve performance. [RT #35417]
2014-02-19 21:54:43 -08:00
Evan Hunt
4a0beb64be [master] start prep for 9.10.0b1 2014-02-19 21:39:35 -08:00
Mark Andrews
16134801ce 3750. [experimental] Partially implement EDNS EXPIRE option as described
in draft-andrews-dnsext-expire-00.  Retrivial of
                        remaining time to expiry from slave zones is supported.

                        EXPIRE uses an experimental option code (65002) and
                        is subject to change. [RT #35416]
2014-02-20 14:56:20 +11:00
Evan Hunt
4357e13a4b [master] whitespace 2014-02-19 15:54:57 -08:00
Evan Hunt
d7b9756a21 [master] ENDS client-subnet in dig
3749.	[func]		"dig +subnet" sends an EDNS client subnet option
			containing the specified address/prefix when
                        querying. (Thanks to Wilmer van der Gaast.)
                        [RT #35415]
2014-02-19 15:51:02 -08:00
Tinderbox User
1361e03890 update copyright notice 2014-02-19 23:46:31 +00:00
Evan Hunt
fd75aaa2b9 [master] change tag 2014-02-19 07:51:22 -08:00
Mark Andrews
7e2e41df67 3748. [func] Use delve to test dns_client interfaces. [RT #35383] 2014-02-19 19:33:21 +11:00
Evan Hunt
7f5bdf7f40 [master] fix dns_resolver_destroyfetch race
3747.	[bug]		A race condition could lead to a core dump when
			destroying a resolver fetch object. [RT #35385]
2014-02-18 23:32:02 -08:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
2014-02-18 23:26:50 -08:00
Evan Hunt
6a3fa181d1 [master] add "--with-tuning=large" option
3745.	[func]		"configure --with-tuning=large" adjusts various
			compiled-in constants and default settings to
			values suited to large servers with abundant
			memory. [RT #29538]
2014-02-18 22:36:14 -08:00
Mark Andrews
0a5927a14f add 3rd 2014-02-19 13:33:24 +11:00
Mark Andrews
08d4b8d120 update SIT description 2014-02-19 13:15:40 +11:00
Evan Hunt
96a3590505 [master] edit 2014-02-18 17:59:43 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
2014-02-19 12:53:42 +11:00
Mark Andrews
38eabfcee7 3743. [bug] delegation-only flag wasn't working in forward zone
declarations despite being documented.  This is
                        needed to support turning off forwarding and turning
                        on delegation only at the same name.  [RT #35392]
2014-02-18 10:09:07 +11:00
Mark Andrews
7b9cb698dd update descrition 2014-02-18 10:03:52 +11:00
Mark Andrews
5114325978 3742. [port] linux: libcap support: curval was used before it
was declared. [RT #35387]
2014-02-18 00:27:15 +11:00
Evan Hunt
1d761cb453 [master] delve
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
2014-02-16 13:03:17 -08:00
Evan Hunt
14bf4702f3 [master] fixed some dlz configure options
3740.	[contrib]	Minor fixes to configure --with-dlz-bdb,
			--with-dlz-postgres and --with-dlz-odbc. [RT #35340]
2014-02-15 21:10:07 -08:00
Evan Hunt
31f6244cc2 [master] tcp and udp stats counters
3739.	[func]		Added per-zone stats counters to track TCP and
			UDP queries. [RT #35375]
2014-02-15 20:57:00 -08:00
Mark Andrews
2729aea3c1 3738. [bug] --enable-openssl-hash failed to build. [RT #35343] 2014-02-13 15:09:08 +11:00
Tinderbox User
1124950b35 update copyright notice 2014-02-12 23:46:27 +00:00
Mark Andrews
a1271e2404 3737. [bug] 'rndc retransfer' could trigger a assertion failure
with inline zones. [RT #35353]

(cherry picked from commit 8e30a7e9fd)
2014-02-13 08:55:09 +11:00
Evan Hunt
842a3e6d0e [master] try multiple addresses per server name in nsupdate
3736.	[bug]		nsupdate: When specifying a server by name,
			fall back to alternate addresses if the first
			address for that name is not reachable. [RT #25784]
2014-02-11 21:29:10 -08:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
2014-02-11 21:20:28 -08:00
Mark Andrews
d7729155df 3734. [bug] Improve building with libtool. [RT #35314] 2014-02-10 15:01:06 +11:00
Mark Andrews
850b5e8093 Add Linux support to:
3733.   [func]          Improve interface scanning support.  Interface
                        information will be automatically updated if the
                        OS supports routing sockets (MacOS, *BSD, Linux).
                        Use "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
2014-02-10 09:46:54 +11:00
Francis Dupont
c41d8a22ab spelling 2014-02-07 13:40:44 +01:00
Mark Andrews
62ec9fd168 3733. [func] Improve interface scanning support. Interface
information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
2014-02-07 17:16:37 +11:00
Evan Hunt
41e55d0403 [master] type mismatch in ODBC DLZ driver
3732.	[contrib]	Fixed a type mismatch causing the ODBC DLZ
			driver to dump core on 64-bit systems. [RT #35324]
2014-02-06 20:05:25 -08:00
Evan Hunt
166341d554 [master] add no-case-compress
3731.	[func]		Added a "no-case-compress" ACL, which causes
			named to use case-insensitive compression
			(disabling change #3645) for specified
			clients. (This is useful when dealing
			with broken client implementations that
			use case-sensitive name comparisons,
			rejecting responses that fail to match the
			capitalization of the query that was sent.)
			[RT #35300]
2014-02-06 19:37:26 -08:00
Evan Hunt
a165a17a81 [master] dnssec-keygen fixes
3730.	[cleanup]	Added "never" as a synonym for "none" when
			configuring key event dates in the dnssec tools.
			[RT #35277]

3729.	[bug]		dnssec-kegeyn could set the publication date
			incorrectly when only the activation date was
			specified on the command line. [RT #35278]
2014-02-06 15:59:14 -08:00
Evan Hunt
08c67b5b7a [master] improved native-pkcs11 doc
3728.	[doc]		Expanded native-PKCS#11 documentation,
			specifically pkcs11: URI labels. [RT #35287]
2014-02-06 15:40:00 -08:00
Evan Hunt
e5f9fa7e18 [master] deprecate isc_bitsrting
3727.	[func]		The isc_bitstring API is no longer used and
			has been removed from libisc. [RT #35284]
2014-02-06 15:36:13 -08:00
Evan Hunt
62cce60a15 [master] better error message when exceeding RPZ zone limit
3726.	[cleanup]	Clarified the error message when attempting
			to configure more than 32 response-policy zones.
			[RT #35283]
2014-02-06 15:26:54 -08:00
Evan Hunt
e2d635d630 [master] update contrib
3725.	[contrib]	Updated zkt and nslint to newest versions,
			cleaned up and rearranged the contrib
			directory, added a README.
2014-02-05 16:38:28 -08:00
Evan Hunt
a8cdf2a2e7 [master] fixed win32 dig problem
3724.   [bug]           win32: Fixed a bug that prevented dig and
                        host from exiting properly after completing
                        a UDP query. [RT #35288]
2014-02-04 12:01:20 -08:00
Tinderbox User
0666e6db54 update copyright notice 2014-01-31 23:46:22 +00:00
Jeremy C. Reed
9d58bbdf12 Fix typo. 2014-01-31 08:28:41 -06:00
Evan Hunt
0a35160f4e [master] prep 9.10.0a2 2014-01-30 18:02:26 -08:00
Evan Hunt
3249da26fc [master] rationalize external key handling
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
2014-01-30 17:49:32 -08:00
Evan Hunt
d0803df331 [master] fixed geoip in blackhole ACLs
3722.	[bug]		Using geoip ACLs in a blackhole statement
			could cause a segfault. [RT #35272]
2014-01-30 17:03:32 -08:00
Evan Hunt
47c847e286 [master] improve EDNS doc
3721.	[doc]		Improved doucmentation of the EDNS processing
			enhancements introduced in change #3593. [RT #35275]
2014-01-30 14:52:01 -08:00
Mark Andrews
63add83a26 3720. [bug] Address compiler warnings. [RT #35261] 2014-01-30 10:33:28 +11:00
Mark Andrews
75d747e1c5 3719. [bug] Address memory leak in in peer.c. [RT #35255] 2014-01-30 07:54:52 +11:00
Mark Andrews
fbc0e37e0c 3718. [bug] A missing ISC_LINK_INIT in log.c. [RT #35260] 2014-01-30 07:44:02 +11:00
Mark Andrews
b8cf73a3b3 3717. [port] hpux: Treat EOPNOTSUPP as a expected error code when
probing to see if it is possible to set dscp values
                        on a per packet basis. [RT #35252]

3716.   [bug]           The dns_request code was setting dcsp values when not
                        requested.  [RT #35252]
2014-01-28 08:25:28 +11:00
Evan Hunt
83f69fcd6e [master] fix a problem with libgeoip 1.5 and higher
3715.	[bug]		The region and city databases could fail to
			initialize when using some versions of libGeoIP,
			causing assertion failures when named was
			configured to use them. [RT #35427]
2014-01-23 12:46:02 -08:00
Evan Hunt
d58e33bfab [master] testcrypto.sh in system tests
3714.	[test]		System tests that need to test for cryptography
			support before running can now use a common
			"testcrypto.sh" script to do so. [RT #35213]
2014-01-20 16:08:09 -08:00