3983. [bug] Change #3940 was incomplete: negative trust anchors
could be set to last up to a week, but the
"nta-lifetime" and "nta-recheck" options were
still limted to one day. [RT #37522]
3933. [bug] Corrected the implementation of dns_rdata_casecompare()
for the HIP rdata type. [RT #36911]
3932. [test] Improved named-checkconf tests. [RT #36911]
3746. [func] New "max-zone-ttl" option enforces maximum
TTLs for zones. If loading a zone containing a
higher TTL, the load fails. DDNS updates with
higher TTLs are accepted but the TTL is truncated.
(Note: Currently supported for master zones only;
inline-signing slaves will be added.) [RT #38405]
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
3432. [func] Multiple DLZ databases can now be configured.
DLZ databases are searched in the order configured,
unless set to "search no", in which case a
zone can be configured to be retrieved from a
particular DLZ database by using a "dlz <name>"
option in the zone statement. DLZ databases can
support type "master" and "redirect" zones.
[RT #27597]
3408. [bug] Some DNSSEC-related options (update-check-ksk,
dnssec-loadkeys-interval, dnssec-dnskey-kskonly)
are now legal in slave zones as long as
inline-signing is in use. [RT #31078]
- multiple DLZ's can be specified, including multiple DLZ's using
the same driver; e.g., two different back-ends both loaded by the
dlopen driver
- new "search" option can be specified in a DLZ indicating whether
this DLZ database should be searched for unknown zones. The
default is "yes". If "no", then the zone can only be found by
named if it's registered in the zone table, which happens if the
zone is configured for dynamic updates, or if "dlz <dlzname>" is
specified in the zone statement. (The latter functionality is
incomplete in this commit).
