ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
19,485 Commits 589 Branches 805 Tags
a5426599d7063f4e3d4e8b817c52b4cd7eff8024
Commit Graph

518 Commits

Author SHA1 Message Date
Evan Hunt
7486f4e794 Reworded the "inline-signing" doc slightly to remove what had appeared to 
be a typo in the printed ARM.  No CHANGES note.
 2011-11-23 18:58:39 +00:00
Evan Hunt
13790b548c 3213. [doc] Clarify ixfr-from-differences behavior. [RT #25188] 2011-11-09 05:52:42 +00:00
Evan Hunt
36a13a94c5 new "dnssec-lookaside" option is "no", not "off" 2011-11-07 00:25:53 +00:00
Mark Andrews
ac43690858 3209. [func] Add "dnssec-lookaside 'off'". [RT #24858] 2011-11-07 00:14:11 +00:00
Automatic Updater
84bc9a5840 add missing </term> 2011-11-04 02:25:17 +00:00
Evan Hunt
f550b4b104 3201. [func] 'rndc querylog' can now be given an on/off parameter 
instead of only being used as a toggle. [RT #18351]
 2011-11-03 23:05:31 +00:00
Evan Hunt
6150d3cb66 3200. [doc] Some rndc functions were undocumented or were 
missing from 'rndc -h' output. [RT #25555]
 2011-11-03 22:06:21 +00:00
Evan Hunt
2a7ac74960 remove 1/8 and 2/8 from bogusnets example 2011-11-03 04:53:27 +00:00
Evan Hunt
0c25a44aac 3194. [doc] Updated RFC references in the 'empty-zones-enable' 
documentation. [RT #25203]
 2011-11-03 03:08:33 +00:00
Evan Hunt
9c03f13e18 3185. [func] New 'rndc signing' option for auto-dnssec zones: 
- 'rndc signing -list' displays the current
			   state of signing operations
			 - 'rndc signing -clear' clears the signing state
		  	   records for keys that have fully signed the zone
			 - 'rndc signing -nsec3param' sets the NSEC3
			   parameters for the zone
			The 'rndc keydone' syntax is removed. [RT #23729]
 2011-10-28 06:20:07 +00:00
Evan Hunt
9570ddcd41 3180. [func] Local copies of slave zones are now saved in raw 
format by default, to improve startup performance.
			'masterfile-format text;' can be used to override
			the default, if desired. [RT #25867]
 2011-10-26 15:23:37 +00:00
Mark Andrews
b1c6de5456 3177. [func] 'rndc keydone', remove the indicator record that 
named has finished signing the zone with the
                        corresponding key.  [RT #26206]
 2011-10-25 01:54:22 +00:00
Automatic Updater
085e84f19b add missing </listitems> 2011-10-13 23:44:47 +00:00
Vernon Schryver
9fee08f655 Commit rt25172 changes to HEAD including 
- fix precedence among competing rules
  - improve ARM text including documenting rule precedence
  - try to rewrite CNAME chains until first hit
  - new "rpz" logging channel
  - same fix for "NS ." as in RT 24985
 2011-10-13 01:32:34 +00:00
Mark Andrews
3952b16164 fix default for sig-signing-type 2011-10-06 11:50:20 +00:00
Mark Andrews
6e1b287107 rt21764 session-* fixes 2011-10-06 11:31:57 +00:00
Scott Mann
fad5116b3d Remove the ixfr-from-differences side-effect which causes an AXFR and extend 
request-ixfr to the zone level.
 2011-09-06 22:29:33 +00:00
Mark Andrews
9198ab377b 3147. [func] Initial inline signing support. [RT #23657] 2011-08-30 05:16:15 +00:00
Mark Andrews
ce97ba9c94 unbalance tag <replaceable> x2 2011-08-03 01:19:10 +00:00
Evan Hunt
0127993480 3140. [func] New command "rndc flushtree <name>" clears the 
specified name from the server cache along with
			all names under it. [RT #19970]
 2011-08-02 20:36:13 +00:00
Evan Hunt
cf63d32d55 3136. [func] Add RFC 1918 reverse zones to the list of built-in 
empty zones switched on by the 'empty-zones-enable'
			option. [RT #24990]
 2011-07-28 03:18:17 +00:00
Mark Andrews
a69070d8fa 3130. [func] Support alternate methods for managing a dynamic 
zone's serial number.  Two methods are currently
                        defined using serial-update-method, "increment"
                        (default) and "unixtime".  [RT #23849]
 2011-07-01 02:25:48 +00:00
Mark Andrews
0fc9a7b571 9.9 not 9.7 2011-06-21 05:33:21 +00:00
Evan Hunt
5e3affc6a0 3127. [bug] 'rndc thaw' will now remove a zone's journal file 
if the zone serial number has been changed and
			ixfr-from-differences is not in use.  [RT #24687]
 2011-06-10 01:32:38 +00:00
Mark Andrews
475b1ed9cc 3126. [security] Using DNAME record to generate replacements caused 
RPZ to exit with a assertion failure. [RT #23766]
 2011-06-09 03:10:17 +00:00
Evan Hunt
c5660d514b grammar repair 2011-05-23 20:11:14 +00:00
Evan Hunt
bfe32d08c5 3116. [func] New 'dnssec-update-mode' option controls updates 
of DNSSEC records in signed dynamic zones.  Set to
			'no-resign' to disable automatic RRSIG regeneration
			while retaining the ability to sign new or changed
			data. [RT #24533]
 2011-05-23 20:10:03 +00:00
Mark Andrews
7609e973f5 3113. [doc] Document the relationship between serial-query-rate 
and NOTIFY messages.
 2011-05-17 04:48:51 +00:00
Mark Andrews
0268e42b4e 3112. [doc] Add missing descriptions of the update policy name 
types "ms-self", "ms-subdomain", "krb5-self" and
                        "krb5-subdomain", which allow machines to update
                        their own records, to the BIND 9 ARM.
 2011-05-16 04:09:34 +00:00
Mark Andrews
aeea801711 fix also-notify 2011-05-08 06:49:18 +00:00
Mark Andrews
db334bba24 <command> -> </command> 2011-05-07 14:39:17 +00:00
Evan Hunt
0c3acefdc1 Additional documentation for change #3109 (forgot to mention named masters 
lists in the ARM).  Reviewed by Scott.
 2011-05-06 21:41:43 +00:00
Evan Hunt
ac21f918f2 3109. [func] The also-notify option now uses the same syntax 
as a zone's masters clause.  This means it is
			now possible to specify a TSIG key to use when
			sending notifies to a given server, or to include
			an explicit named masters list in an also-notfiy
			statement.  [RT #23508]
 2011-05-06 21:23:51 +00:00
Evan Hunt
39f2d1a96a 3102. [func] New 'dnssec-loadkeys-interval' option configures 
how often, in minutes, to check the key repository
			for updates when using automatic key maintenance.
			Default is every 60 minutes (formerly hard-coded
			to 12 hours). [RT #23744]

3101.	[bug]		Zones using automatic key maintenance could fail
			to check the key repository for updates. [RT #23744]
 2011-04-29 21:37:15 +00:00
Mark Andrews
9f36aef24c 3094. [doc] Expand dns64 documentation. 2011-04-06 04:20:58 +00:00
Evan Hunt
7cb226ec34 3084. [func] A new command "rndc sync" dumps pending changes in 
a dynamic zone to disk; "rndc sync -clean" also
			removes the journal file after syncing.  Also,
			"rndc freeze" no longer removes journal files.
			[RT #22473]
 2011-03-21 07:22:14 +00:00
Paul Ebersman
112a82e52a corrected edns-udp-size min size to 512. 2011-03-09 00:48:17 +00:00
Mark Andrews
0e507dbb81 2039. [func] Redirect on NXDOMAIN support. [RT #23146] 2011-02-23 03:08:11 +00:00
Mark Andrews
c1ee8bb4ba 3013. [bug] The DNS64 ttl was not always being set as expected. 
[RT #23034]
 2011-02-03 07:35:56 +00:00
Mark Andrews
000a8970f8 3011. [func] Change the default query timeout from 30 seconds 
to 10.  Allow setting this in named.conf using the new
                        'resolver-query-timeout' option, which specifies a max
                        time in seconds.  0 means 'default' and anything longer
                        than 30 will be silently set to 30. [RT #22852]
 2011-02-03 05:41:55 +00:00
Mark Andrews
6441e3675a recursion-only -> recursive-only 2011-01-22 01:21:05 +00:00
Mark Andrews
7292ae531b spelling 2011-01-20 10:17:23 +00:00
Mark Andrews
87708bde16 3008. [func] Response policy zones (RPZ) support. [RT #21726] 2011-01-13 01:59:28 +00:00
Mark Andrews
dc4fa197dd 3004. [func] DNS64 reverse support. [RT #22769] 2011-01-07 04:31:39 +00:00
Evan Hunt
3916872f37 3003. [experimental] Added update-policy match type "external", 
enabliing named to defer the decision of whether to
			allow a dynamic update to an external daemon.
			(Contributed by Andrew Tridgell.) [RT #22758]
 2011-01-06 23:24:39 +00:00
Automatic Updater
1da9dbcf48 update copyright notice 2011-01-04 23:47:14 +00:00
Evan Hunt
79bf7c874b 3001. [func] Added a default trust anchor for the root zone, which 
can be switched on by setting "dnssec-validation auto;"
			in the named.conf options. [RT #21727]
 2011-01-03 23:45:08 +00:00
Mark Andrews
5aaac798d8 s;<command/>;</command>; 2010-12-25 22:01:35 +00:00
Evan Hunt
d9ad0a55bb 3000. [bug] More TKEY/GSS fixes: 
- nsupdate can now get the default realm from
			   the user's Kerberos principal
			 - corrected gsstest compilation flags
			 - improved documentation
			 - fixed some NULL dereferences
			[RT #22795]
 2010-12-24 02:20:47 +00:00
Jeremy Reed
7c6972d6ca Remove duplicated check-mx explanation. 
Ebersman told me about it.
I opened ticket #22778 for this.
 2010-12-21 22:40:55 +00:00