Squashed commit of the following:
commit 7ad3daade513c94a1c92ee7c91c112f161d13ef4
Author: Mark Andrews <marka@isc.org>
Date: Mon Dec 3 15:03:44 2012 +1100
look at the second token to determine if a TXT record in of unknown format or not
commit 7df32138462646f6aee84ffa56d02ac24ec8d672
Author: Mark Andrews <marka@isc.org>
Date: Mon Dec 3 12:42:18 2012 +1100
'"\#"' was incorrectly being treated as a unknown data escape sequence.
commit 4d29cea2ea05491a7afebc343e41d9b6ad58f068
commit 3211da9716e5ecc0bb758666db70a667ca5a944e
commit 884b6f5d5e9b1f50757c606adafabe382b90c80b
commit 53f82565f72f091a46caed754db160e4a7a2d161
Merge: 8f73664 9698f42
commit 8f73664e7bdc04f766ddcccfb5fc5f857a22326a
for rt26172
Add
- optional "recursive-only yes|no" to the response-policy statement
- optional max-policy-ttl to limit the lies that "recursive-only no"
can introduce into resolvers' caches
- test that queries with RD=0 are not rewritten by default
- performance smoke test
Change encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
Fix rt26180 assert botch in zone_findrdataset() in this branch
as well.
Fix missing signatures on NOERROR results despite RPZ hits
when there are signatures and the client asks for DNSSEC,
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
