4235. [func] Added support in named for "dnstap", a fast method of
capturing and logging DNS traffic, and a new command
"dnstap-read" to read a dnstap log file. Use
"configure --enable-dnstap" to enable this
feature (note that this requires libprotobuf-c
and libfstrm). See the ARM for configuration details.
Thanks to Robert Edmonds of Farsight Security.
[RT #40211]
4080. [func] Completed change #4022, adding a "lock-file" option
to named.conf to override the default lock file,
in addition to the "named -X <filename>" command
line option. Setting the lock file to "none"
using either method disables the check completely.
[RT #37908]
Conflicts:
bin/tests/system/conf.sh.in
lib/dns/win32/libdns.def.in
lib/isc/win32/file.c
The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
3605. [port] win32: Addressed several compatibility issues
with newer versions of Visual Studio. [RT #33916]
Squashed commit of the following:
commit 4127af15f85da90cf2bd3a0c5a558daae89e833a
Author: Francis Dupont <fdupont@isc.org>
Date: Tue Jun 25 22:41:53 2013 +0200
make the last change to be text
commit 21ef4891b9ee3e3aefb45d4c80d5cb7ec78f264f
Author: Curtis Blackburn <ckb@isc.org>
Date: Tue Jun 25 12:35:08 2013 -0500
[rt33916] re-worded for easier reading
commit 83828e47e62fea4070441e645ba8fed338255ceb
Author: Francis Dupont <fdupont@isc.org>
Date: Mon Jun 24 16:08:11 2013 +0200
introduce a VCRedistPath env var
commit 0337f2554f168993a65945e78c2879e9bfca5293
Author: Francis Dupont <fdupont@isc.org>
Date: Sun Jun 23 01:23:26 2013 +0200
_adjust_fdiv for VS < 2010
commit 375fdd5c06be276b0ff0ad589c0e22b809339fe9
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 16:27:04 2013 +0200
move to MSVC v1600 as it still breaks on VS 2010
commit bfcaf72071e9d8df1d0ce0c5f05b69acd51bf698
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:57:35 2013 +0200
WIN32: avoid addrinfo redef
commit 18504c3e50b11e66a0b573c7cb3d61094bfa5b52
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:54:38 2013 +0200
WIN32: fseek/ftell
commit f9a4fdccc5ab1c74c64412fb76da7dfd161787b2
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:13:01 2013 +0200
fix WIN32 error redefs in net.h (isc ad lwres libs)
3523. [contrib] Ported filesystem and ldap DLZ drivers to
dynamically-loadable modules, and added the
"wildcard" module based on a contribution from
Vadim Goncharov <vgoncharov@nic.ru>. [RT #23569]
- handle malformed answers from DLZ better:
- handle dlz_lookup errors better:
when the first lookup of a name returns an unexpected failure code,
we return it to the caller rather than continuing on to look up
the wildcard. we now only continue processing if the return from
the first lookup was either ISC_R_SUCCESS or ISC_R_NOTFOUND.
- improved backward-compatibility for dlz_version:
added a DLZ_DLOPEN_AGE value indicating how many versions
back from the current DLZ_DLOPEN_VERSION named will support
3434. [bug] Pass client info to the DLZ findzone() entry
point in addition to lookup(). This makes it
possible for a database to answer differently
whether it's authoritative for a name depending
on the address of the client. [RT #31775]
