3526. [cleanup] Set up dependencies for unit tests correctly during
build. [RT #32803]
(cherry picked from commit 741ebf1004)
(cherry picked from commit 5021f4df52)
3496. [func] Improvements to RPZ performance. The "response-policy"
syntax now includes a "min-ns-dots" clause, with
default 1, to exclude top-level domains from
NSIP and NSDNAME checking. [RT #32251]
Response policy (rpz) changes to
- add zone statistics
- speed up by adding min-ns-dots to the response-policy syntax
with a default of 1
- detect and reject policy zones with a database other than rbt
only rbtdb has rpz hooks
- allow empty response-policy{} statement
- make --enable-rpz-nsip and --enable-rpz-nsdname the default
(cherry picked from commit 8159e80279408be50d31db5d853ae2736bd1934d)
dns_dlzcreate() failed to properly initialize
dlzdb.link. When cloning a rdataset do not copy
the link contents. [RT #32651]
Squashed commit of the following:
commit c36c49cbdaeec8b2506dffadbffa543283702fa2
Author: Mark Andrews <marka@isc.org>
Date: Mon Feb 18 23:24:57 2013 +1100
don't copy the link when cloning a rdataset
commit 9fef5827edcc925075832dcce900eeca9057456d
Author: Mark Andrews <marka@isc.org>
Date: Mon Feb 18 23:23:25 2013 +1100
initialise the dlzdb link; don't return a stale pointer on error
commit a13c584732eae2dde48920a73886b54f1fe6b030
Author: Mark Andrews <marka@isc.org>
Date: Mon Feb 18 23:21:59 2013 +1100
turn on ISC_LIST_CHECKINIT
Conflicts:
lib/dns/dlz.c
(cherry picked from commit c1402b00d3)
- revert d3617e0d87
- use -Xcompiler option to libtool so it won't suppress -shared
- regenerate configure
Conflicts:
bin/tests/system/dlzexternal/Makefile.in
by Andrew Tridgell of the Samba project.) [RT #22629]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629]
