3496. [func] Improvements to RPZ performance. The "response-policy"
syntax now includes a "min-ns-dots" clause, with
default 1, to exclude top-level domains from
NSIP and NSDNAME checking. [RT #32251]
Response policy (rpz) changes to
- add zone statistics
- speed up by adding min-ns-dots to the response-policy syntax
with a default of 1
- detect and reject policy zones with a database other than rbt
only rbtdb has rpz hooks
- allow empty response-policy{} statement
- make --enable-rpz-nsip and --enable-rpz-nsdname the default
(cherry picked from commit 8159e80279408be50d31db5d853ae2736bd1934d)
place where the NOQNAME proof needed to be saved.
[RT #32629]
Squashed commit of the following:
commit cdef844f57bd3eb30b1f77135b89b6f9360e8bee
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:27:14 2013 +1100
whitespace
commit 60eb7e3f6cdd102d6aaf0fb4ada8c552576e4502
Author: Mark Andrews <marka@isc.org>
Date: Sat Feb 16 00:19:51 2013 +1100
return noqname proof with +cd and dlv
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
(cherry picked from commit 0b8bd3a4ae)
3470. [bug] Slave zones could fail to dump when successfully
refreshing after an initial failure. [RT #31276]
(cherry picked from commit 214836c184)
(cherry picked from commit ddfed3060a)
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
conjunction with DNS64. [RT #32141]
(cherry picked from commit 71f8edccba)
[RT #32315]
Squashed commit of the following:
commit ad40744e2c7dc253b70857bb229def5dd194b418
Author: Mark Andrews <marka@isc.org>
Date: Fri Jan 4 17:24:45 2013 +1100
logfileconfig spams the system log files
Conflicts:
bin/named/main.c
Conflicts:
bin/tests/system/logfileconfig/tests.sh
3448. [bug] The allow-query-on ACL was not processed correctly.
[RT #29486]
(cherry picked from commit 222d38735f)
(cherry picked from commit 8d9207a17b)
