- multiple DLZ's can be specified, including multiple DLZ's using
the same driver; e.g., two different back-ends both loaded by the
dlopen driver
- new "search" option can be specified in a DLZ indicating whether
this DLZ database should be searched for unknown zones. The
default is "yes". If "no", then the zone can only be found by
named if it's registered in the zone table, which happens if the
zone is configured for dynamic updates, or if "dlz <dlzname>" is
specified in the zone statement. (The latter functionality is
incomplete in this commit).
- fix precedence among competing rules
- improve ARM text including documenting rule precedence
- try to rewrite CNAME chains until first hit
- new "rpz" logging channel
- same fix for "NS ." as in RT 24985
of DNSSEC records in signed dynamic zones. Set to
'no-resign' to disable automatic RRSIG regeneration
while retaining the ability to sign new or changed
data. [RT #24533]
as a zone's masters clause. This means it is
now possible to specify a TSIG key to use when
sending notifies to a given server, or to include
an explicit named masters list in an also-notfiy
statement. [RT #23508]
how often, in minutes, to check the key repository
for updates when using automatic key maintenance.
Default is every 60 minutes (formerly hard-coded
to 12 hours). [RT #23744]
3101. [bug] Zones using automatic key maintenance could fail
to check the key repository for updates. [RT #23744]
to 10. Allow setting this in named.conf using the new
'resolver-query-timeout' option, which specifies a max
time in seconds. 0 means 'default' and anything longer
than 30 will be silently set to 30. [RT #22852]
by Andrew Tridgell of the Samba project.) [RT #22629]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629]
support for addzone/delzone feature (see change
#2930). Removed "new-zone-file" option, replaced
with "allow-new-zones (yes|no)". The new-zone-file
for each view is now created automatically, with
a filename generated from a hash of the view name.
It is no longer necessary to "include" the
new-zone-file in named.conf; this happens
automatically. Zones that were not added via
"rndc addzone" can no longer be removed with
"rndc delzone". [RT #19447]
