3525. [func] Support for additional signing algorithms in rndc:
hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
The -A option to rndc-confgen can be used to
select the algorithm for the generated key.
(The default is still hmac-md5; this may
change in a future release.) [RT #20363]
3524. [func] Added an alternate statistics channel in JSON format,
when the server is built with the json-c library:
http://[address]:[port]/json. [RT #32630]
3506. [func] When setting "max-cache-size" and "max-acache-size",
the keyword "unlimited" is no longer defined as equal
to 4 gigabytes (except on 32-bit platforms); it
means literally unlimited. [RT #32358]
3505. [bug] When setting "max-cache-size" and "max-acache-size",
larger values than 4 gigabytes could not be set
explicitly, though larger sizes were available
when setting cache size to 0. This has been
corrected; the full range is now available.
[RT #32358]
3504. [func] Add support for ACLs based on geographic location,
using MaxMind GeoIP databases. Based on code
contributed by Ken Brownfield <kb@slide.com>.
[RT #30681]
3501. [func] zone-statistics now takes three options: full,
terse, and none. "yes" and "no" are retained as
synonyms for full and terse, respectively. [RT #29165]
3432. [func] Multiple DLZ databases can now be configured.
DLZ databases are searched in the order configured,
unless set to "search no", in which case a
zone can be configured to be retrieved from a
particular DLZ database by using a "dlz <name>"
option in the zone statement. DLZ databases can
support type "master" and "redirect" zones.
[RT #27597]
3408. [bug] Some DNSSEC-related options (update-check-ksk,
dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
are now legal in slave zones as long as
inline-signing is in use. [RT #31078]
