2588 Commits

Author SHA1 Message Date
Michał Kępień
f76d95cdbb Prepare release notes for BIND 9.16.37 2023-01-12 22:34:32 +01:00
Evan Hunt
7fe2204a2e add a configuration option for the update quota
add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a730)
2023-01-12 12:21:36 +01:00
Evan Hunt
35711a29e5 add an update quota
limit the number of simultaneous DNS UPDATE events that can be
processed by adding a quota for update and update forwarding.
this quota currently, arbitrarily, defaults to 100.

also add a statistics counter to record when the update quota
has been exceeded.

(cherry picked from commit 7c47254a14)
2023-01-12 12:21:36 +01:00
Michał Kępień
f7bd3bd2b6 Update copyright year to 2023
(cherry picked from commit 1a5d707f52)
2023-01-02 14:24:23 +01:00
Tom Krizek
09ec13097f Merge tag 'v9_16_36' into v9_16
BIND 9.16.36
2022-12-22 09:51:08 +01:00
Michał Kępień
2ff2ce0307 Prepare release notes for BIND 9.16.36 2022-12-12 13:05:36 +01:00
Matthijs Mekking
e1924126c0 Document NS queries are excempt from minimal-responses
Also document that DNSKEY, DS, CDNSKEY, and CDS never do additional
section processing.

(cherry picked from commit f7b477f6ea)
2022-12-07 12:10:06 +01:00
Michal Nowak
33d2a173bf Add Fedora 37
(cherry picked from commit b293b2c638)
2022-11-21 14:00:22 +01:00
Michal Nowak
4563357ab8 Merge tag 'v9_16_35' into v9_16
BIND 9.16.35
2022-11-16 16:20:31 +01:00
Michal Nowak
27b0df2124 Add OpenBSD 7.2
(cherry picked from commit b239e6870d)
2022-11-15 10:44:04 +01:00
Petr Špaček
62a0d10014 Document that update-policy external is synchronous
(cherry picked from commit 7d352741a0)
2022-11-11 11:15:54 +01:00
Michał Kępień
20275113f5 Prepare release notes for BIND 9.16.35 2022-11-07 23:05:01 +01:00
Petr Špaček
04cd80c0f5 Repeat Known Issues at the top of Release Notes page
From now on all per-version notes link to the global list
of Known Issues. If there is a new note it should be listed twice:
In the per-version list, and in the global list.

(cherry picked from commit c58dd2790a)
2022-11-07 15:04:23 +01:00
Michał Kępień
f93e4c160c Bump Sphinx version to 5.3.0
Make the Sphinx version listed in doc/arm/requirements.txt match the
version currently used in GitLab CI, so that Read the Docs builds the
documentation using the same Python software versions as those used in
GitLab CI.

(cherry picked from commit a8f0ab7df6)
2022-10-24 11:45:25 +02:00
Aram Sargsyan
ee7179f482 Fix prefetch "trigger" value's documentation in ARM
For the prefetch "trigger" parameter ARM states that when a cache
record with a lower TTL value is encountered during query processing,
it is refreshed. But in reality, the record is refreshed when the TTL
value is lower or equal to the configured "trigger" value.

Fix the documentation to make it match with with the code.

(cherry picked from commit ef344b1f52)
2022-10-21 10:30:43 +00:00
Michal Nowak
1015ccf6a2 Merge tag 'v9_16_34' into v9_16
BIND 9.16.34
2022-10-20 12:51:06 +02:00
Michał Kępień
1fbff9bc80 Prepare release notes for BIND 9.16.34 2022-10-07 13:40:53 +02:00
Michal Nowak
9f27c3f95e Drop flake8 ignore lists
flake8 is not used in BIND 9 CI and inline ignore lists are not needed
anymore.

(cherry picked from commit f5d9fa6ea4)
2022-10-05 18:33:34 +02:00
Michal Nowak
7ae22392da Add Oracle Linux 9
(cherry picked from commit be08cf41d9)
2022-10-03 13:28:26 +02:00
Matthijs Mekking
df11527a9a Add inline-signing to config examples
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit b13a0c8836d2d8bc5b4de1cdfcdb2057c0bb9d93)
2022-09-28 10:54:52 +02:00
Matthijs Mekking
5c0e98410f Update inline-signing requirement to ARM
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 7231383e4cc57caac36d03055e8627b12aa4b91a)
2022-09-28 10:54:52 +02:00
Michal Nowak
5b1ab4615a Add Fedora 36
(cherry picked from commit a313c49a3b)
2022-09-27 09:42:50 +02:00
Petr Menšík
e036ac4d3d Compatibility for building ARM on older sphinx
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.

(cherry picked from commit bc6c6b1184)
2022-09-26 17:29:07 +02:00
Ondřej Surý
f830737c51 Provide stronger wording about the security of statistics channel
Add more text about the importance of properly securing the statistics
channel and what is and what is not considered a security vulnerability.

(cherry-picked from commit 6869c98d36)
2022-09-21 17:49:49 +02:00
Michał Kępień
69c38b5e1c Merge tag 'v9_16_33' into v9_16
BIND 9.16.33
2022-09-21 13:21:29 +02:00
Michał Kępień
b54ee83d50 Prepare release notes for BIND 9.16.33 2022-09-08 14:33:43 +02:00
Aram Sargsyan
6f46bfe705 Document RRL processing for wildcard names
All valid wildcard domain names are interpreted as the zone's origin
name concatenated to the "*" name.

(cherry picked from commit 89c2032421)
2022-09-08 09:41:15 +02:00
Michal Nowak
87dc26e494 Add FreeBSD 13.1
(cherry picked from commit bc425be55e1736d4f2ffada5e8d76f96b08c8351)
2022-08-18 17:34:08 +02:00
Michal Nowak
16458122a8 Merge tag 'v9_16_32' into v9_16
BIND 9.16.32
2022-08-18 11:55:55 +02:00
Michal Nowak
591d58be6e Add OpenBSD 7.1
(cherry picked from commit 7edf8ab47cfd0cc3a633e941b2880ee11d75d6cd)
2022-08-16 17:17:34 +02:00
Michał Kępień
814d9f7bc8 Prepare release notes for BIND 9.16.32 2022-08-04 23:59:36 +02:00
Evan Hunt
1ed5eb38e4 clarify "max-zone-ttl" documentation
The "max-zone-ttl" option should now be configured as part of
dnssec-policy. Use of this option in zone/view/options will be ignored
in any zone that also has dnssec-policy configured.
2022-07-22 15:24:29 -07:00
Michal Nowak
a0e7b05aba Merge tag 'v9_16_31' into v9_16
BIND 9.16.31
2022-07-21 14:37:36 +02:00
Michal Nowak
0043999f54 Add Alpine Linux 3.16
(cherry picked from commit 0d0ab3db10)
2022-07-12 13:59:30 +02:00
Michał Kępień
59da803e86 Prepare release notes for BIND 9.16.31 2022-07-11 06:32:55 +02:00
Petr Špaček
75854c5e6b Rewrite DNSSEC Validation subchapter in the ARM
Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0)
2022-07-07 11:07:32 +02:00
Petr Špaček
c9e52437ca Resynchronize DNSSEC chapter with the main branch
This is essentially a backport of !6296.

Replace DNSSEC chapter with version from the main branch, commit
901b6425d2.

There were structural changes to the ARM in the main branch, and
replacing the whole file with a new version is an order of magniture
easier than attempting to cherry-pick individual changes which should, in
the end, produce the same file under a different name.

File names in the main branch and v9_16 are now in sync (for the DNSSEC
chapter).

Fixes: #3320
2022-07-07 10:34:06 +02:00
Evan Hunt
4897f3ccc0 Improve $GENERATE documentation
Clarify the documentation of $GENERATE modifiers and add an example.

(cherry picked from commit 13fb2faf7a)
2022-07-06 11:35:16 +10:00
Petr Špaček
561f2a3930 Declare Debian 9 (Stretch) community-maintained
(cherry picked from commit 4ce1f25210)
2022-06-28 17:59:21 +02:00
Matthijs Mekking
68105e66cf Add some clarifications wrt dynamic zones
These were suggested by GitLab user @elmaimbo.

(cherry picked from commit fb517eb52a)
2022-06-27 11:56:59 +02:00
Michal Nowak
009c7871ec Add Ubuntu 22.04 LTS (Jammy Jellyfish)
(cherry picked from commit 4c2af3bdfa)
2022-06-22 12:04:13 +02:00
Matthijs Mekking
e1f0acc3e7 Document where updates and DNSSEC records are stored
Make clear that inline-signing stores DNSSEC records in a signed
version of the zone, using the zone's filename plus ".signed" extension.

Tell that dynamic zones store updates in the zone's filename.

DNSSEC records for dynamic zones also go in the zone's filename, unless
inline-signing is enabled.

Then, dnssec-policy assumes inline-signing, but only if the zone is
not dynamic.

(cherry picked from commit 8860f6b4ff)
2022-06-20 16:50:42 +02:00
Petr Špaček
3eae58207a Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.

The default values for dnssec-policy and dnssec-signzone were adapted to
match v9_16 branch.

(cherry picked from commit 2ee3f4e6c8)
2022-06-15 18:10:50 +02:00
Michał Kępień
68fadd52c1 Merge tag 'v9_16_30' into v9_16
BIND 9.16.30
2022-06-15 16:02:06 +02:00
Tom Krizek
b3c7bd1c04 Auto-format Python files with black
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
2022-06-08 13:34:19 +02:00
Michał Kępień
501ac73a7c Prepare release notes for BIND 9.16.30 2022-06-02 20:57:12 +02:00
Petr Špaček
cc1599e454 ARM style change: render literals in black color
After enormous amount of bikesheding about colors we decided to override
ReadTheDocs default style for literals (``literal`` in the RST markup).

Justification:
- The default RTD "light red literal on white background" is hard to
  read.  https://webaim.org/resources/contrastchecker/ reports that text
  colored as rgb(231, 76, 60) on white background has insufficient
  contrast.
- The ARM has enormous amount of literals all over the place and thus
  one sentence can contain several black/red/black color changes. This
  is distracting. As a consequence, the ARM looks like a Geronimo
  Stilton book.

What we experimented with as replacements for red:
- Green - way too distracting
- Blue - too similar to "usual clickable link"
- Violet - too Geronimo Stilton style
- Brown - better but still distracting

After all the bikesheding we settled on black, i.e. the same as all
"normal" text. I.e. the color is now the same and literals are denoted
by monospaced font and a box around the literal. This has best contrast
and is way less distracting than it used to be.

This lead to a new problem: Internal references to "term definitions"
defined using directives like .. option:: were rendered almost the same
as literals:
- References: monospaced + box + bold + clickable
- Literals: monospaced + box To distinguish these two we added black
  dotted underline to clickable references.

I hereby declare the bikeshed painted.

(cherry picked from commit 833af31e7b)
2022-06-02 17:24:41 +02:00
Petr Špaček
dafacea24c Allow wrapping for ARM table content
RTD style default never wraps <th> and <td> elements and that just does
not work for real sentences or any other long lines.

We can reconsider styling some tables separately, but at the moment we
do not have use for tables with long but unwrappable lines so it's
easier to allow wrapping globally.

(cherry picked from commit a5dd98ac1b)
2022-06-02 17:24:39 +02:00
Michal Nowak
db5f8ebb6f Merge tag 'v9_16_29' into v9_16
BIND 9.16.29
2022-05-19 13:14:59 +02:00
Matthijs Mekking
24913fc696 Remove confusing parental-source line
Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f606692)
2022-05-11 15:01:35 +00:00