Remove the CFG_CLAUSEFLAG_EXPERIMENTAL flag from the
"trust-anchor-telemetry" statement as the behavior of the latter has not
been changed since its initial implementation and there are currently no
plans to do so. This silences a relevant log message that was emitted
even when the feature was explicitly disabled.
(cherry picked from commit b1baf7af3a)
these options control default timing of retries in the resolver
for experimental purposes; they are not known to useful in production
environments. they will be removed in the future; for now, we
only log a warning if they are used.
(cherry picked from commit 4aaa4f7dca)
The system tests on OpenBSD consistently exhibit lower stability
compared to our other CI platforms. Some of these challenges are
intrinsic to the system test itself and require attention. However,
there are OpenBSD issues, which seem to be more widespread on this
platform than others. In our daily CI pipelines, OpenBSD system tests
often bear the brunt of all failed CI jobs.
It's possible that our OpenBSD CI image could be optimized, but we
currently lack the domain-specific knowledge needed to make
improvements.
(cherry picked from commit 2ab292c169)
Move i386 and other less common or ancient CPU architectures to
Community-Maintened category. Move armhf and arm64 to the Best-Effort
category as we do test them as part of development work (new MacBooks
are all arm64), we don't really do full set of tests in the CI.
(cherry picked from commit db94c7526c)
Basically all local data is considered trusted, and proper ACLs and
limits need to be explicitly configured. We are also free to let
protocol non-compliant servers burn in flames.
(cherry picked from commit fc907baa7f)
The new :cve: Sphinx role takes a CVE number as an argument and creates
a hyperlink to the relevant ISC Knowledgebase document that might have
more up-to-date or verbose information than the relevant release note.
This makes reaching ISC Knowledgebase pages directly from the release
notes easier.
Make all CVE references in the release notes use the new Sphinx role.
(cherry picked from commit 41b857e567)
Update Sphinx-related Python packages to their current versions pulled
in by "pip install sphinx-rtd-theme" run in a fresh virtual environment.
(cherry picked from commit 2f879cdec3)
The dnssec-must-be-secure feature was added in the early days of BIND 9
and DNSSEC and it makes sense only as a debugging feature.
Remove the feature to simplify the code.
(cherry picked from commit 9e0b348a2b)
Add the text "TTL-style unit suffixes or ISO 8601 duration formats",
just like we do at other places that are duration option types.
Also, in the dnssec-policy "keys" example, use a TTL-style unit too.
(cherry picked from commit b5a757c452)
There's a statement that says: "Here is an example (for illustration
purposes only) of some possible entries in a [keys] list:", and that
links to the wrong "keys" statement (it links to the TSIG keys section).
Remove the reference, as we are already in the right section.
(cherry picked from commit 07c70ea2bd)
