child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
[RT #6496]
implemented by marka, reviewed and documented by jinmei.
Notes:
lib/dns/zone.c had to be modified manually.
ARM html files were not regenerated (yet).
delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
from BIND 8. See use-alt-transfer-source,
alt-transfer-source-v4 and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may caues a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certian
ISC recommends setting use-alt-transfer-source no;
developer: marka
reviewer: explorer
been replaced with DNS_ADBFIND_STARTATZONE which
causes the search to start using the closest zone.
1444. [func] dns_view_findzonecut2() allows you to specify if the
cache should be searched for zonecuts.
developer: marka
reviewer: explorer
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certian source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
developer: marka
reviewer: explorer
stalled transfers.
1435. [bug] zmgr_resume_xfrs() was being called read locked
rather than write locked. zmgr_resume_xfrs()
was not being called if the zone was being
shutdown.
1434. [bug] "rndc reconfig" failed to initiate the initial
zone transfer of new slave zones.
developer: marka
reviewer: explorer
in a acl. Remove duplicate entries from the localnets
acl.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
listening on IPv4 interfaces.
developer: jinmei
reviewer: marka
states.
1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1377. [func] dns_zone_load{new}() now reports if the zone was
loaded, queued for loading to up to date.
1376. [func] New function dns_zone_logc() to log to specified
category.
the same port for listening and querying, and changing listening addresses
several times. [RT# 3509]
additionally,
+ limited the canceled socket tasks in dispatch.c
+ made dns_dispatch_changeattributes() care about the NOLISTEN mask
+ described side effects of dns_dispatch_changeattributes() in its
description comment
