upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 12:02:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
25079 commits 18 branches 854 tags 440 MiB
Commit graph

5301 commits

Author SHA1 Message Date
Jeremy C. Reed
c0fc4a1abd add missing space 
noticed in manual review of the PDF
minor so wasn't reviewed
 2015-09-10 09:32:29 -05:00
Mark Andrews
3dd63ba00f 4199. [protocol] Add support for NINFO, RKEY, TA. 
[RT #40545] [RT #40547] [RT #40563]
 2015-09-10 17:58:29 +10:00
Mark Andrews
63874956de 4199. [protocol] Add support for NINFO, RKEY. [RT #40547] [RT #40563] 2015-09-10 17:07:05 +10:00
Mark Andrews
8b29fc0b7a 4199. [protocol] Add support for RKEY. [RT #40563] 2015-09-10 14:50:20 +10:00
Tinderbox User
81199ce5ba regen master 2015-09-10 01:06:15 +00:00
Mark Andrews
4ca7391e64 4196. [doc] Improve how "enum + other" types are documented. 
[RT #40608]

4195.   [bug]           'max-zone-ttl unlimited;' was broken. [RT #40608]
 2015-09-09 17:02:11 +10:00
Tinderbox User
f6e04b5923 regen master 2015-09-09 01:06:29 +00:00
Jeremy C. Reed
176b2c47db fix grammar for keys to use key_id 
This is for ticket #23009.
Remove statement about grammar too.
No CHANGES entry done.
 2015-09-08 15:15:42 -05:00
Jeremy C. Reed
4de43d2854 improve dnssec-enable and dnssec-validation documentation 
This is for #37362
Okayed via jabber
No CHANGES entry
 2015-09-08 15:53:58 -04:00
Tinderbox User
1acae3ea5e regen master 2015-09-05 01:07:14 +00:00
Jeremy C. Reed
1a2469058c mention seconds for max-zone-ttl, max-cache-ttl, min-refresh-time, max-policy-ttl in ARM 
This is for ticket 38106.
The initial patch was okayed, but then another commenter mentioned
that max-zone-ttl also allows TTL units so I mention that also
without review.
Note for the ticket, resolver-query-timeout change was
already handled last month in my commit 8789f39b
 2015-09-04 14:30:48 -04:00
Jeremy C. Reed
1c2152e58f fix missing space (noticed in April, bug 39228) and fix grammar 2015-09-04 13:59:35 -04:00
Tinderbox User
a8fa482d0c regen master 2015-09-01 01:05:53 +00:00
Jeremy C. Reed
0d0e6f70ba grammar 2015-08-31 10:21:35 -05:00
Mark Andrews
483f1611fc update list of supported types in the ARM 2015-08-31 15:15:55 +10:00
Tinderbox User
f7eed06a3c regen master 2015-08-28 01:06:29 +00:00
Evan Hunt
4c9ead8b9f [master] fix incorrect bug ID 2015-08-27 10:22:46 -07:00
Tinderbox User
7e3f5fbcf8 regen master 2015-08-21 01:04:49 +00:00
Jeremy C. Reed
8789f39b12 mention resolver-query-timeout is in "seconds" 
I didn't get this reviewed but looked at source where
dns_resolver_settimeout value is called "seconds"
and the comments for the maximum and default macros say "seconds".
 2015-08-20 15:36:27 -05:00
Tinderbox User
95273fcb70 regen master 2015-08-16 01:05:36 +00:00
Evan Hunt
c40d8676c2 [master] fix copyright 2015-08-14 19:57:22 -07:00
Tinderbox User
310f88d008 [master] fix the o umlaut for HTML and TXT too 2015-08-15 02:55:15 +00:00
Tinderbox User
c266f8b440 regen master 2015-08-14 01:04:59 +00:00
Tinderbox User
ca5b644b9e update copyright notice / whitespace 2015-08-13 23:45:25 +00:00
Evan Hunt
afc3103851 [master] add CVE number 2015-08-13 15:30:49 -07:00
Tinderbox User
f619a2035b document omlaut 2015-08-13 20:43:29 +00:00
Tinderbox User
a73d9c0b4d support umlaut 'o' 2015-08-13 19:42:19 +00:00
Tinderbox User
aa6c5a3e33 regen master 2015-08-13 01:26:22 +00:00
Evan Hunt
9716b6a5d6 [master] xml doesn't define ö 2015-08-12 18:16:04 -07:00
Mark Andrews
c631ff56bf Updated CHANGES note to include require-server-cookie: 
4152.   [func]          Implement DNS COOKIE option.  This replaces the
                        experimental SIT option of BIND 9.10.  The following
                        named.conf directives are available: send-cookie,
                        cookie-secret, cookie-algorithm, nocookie-udp-size
                        and require-server-cookie.  The following dig options
                        are available: +[no]cookie[=value] and +[no]badcookie.
                        [RT #39928]
 2015-08-13 08:26:23 +10:00
Mark Andrews
b63a83eea8 update 2015-08-12 22:58:07 +10:00
Evan Hunt
c707e2b986 [master] fix length check in OPENPGPKEY 
4170.	[security]	An incorrect boundary check in the OPENPGPKEY
			rdatatype could trigger an assertion failure.
			[RT #40286]
 2015-08-11 20:01:44 -07:00
Tinderbox User
5002bd49e8 regen master 2015-08-08 01:06:01 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Jeremy C. Reed
658b0ec21c fix spelling typo 2015-08-07 12:31:55 -04:00
Tinderbox User
964783e7e8 regen master 2015-08-07 01:06:05 +00:00
Evan Hunt
d2f45d7ffd [master] revert incorrect 'correction' 2015-08-05 12:15:25 -07:00
Tinderbox User
233da44607 regen master 2015-08-01 01:05:43 +00:00
Evan Hunt
7ed374872f [master] corrected relnotes -- assertion in name.c not message.c 2015-07-31 12:03:29 -07:00
Mark Andrews
090ba6ff30 update 2015-07-26 06:45:53 +10:00
Tinderbox User
98e1584b29 update copyright notice / whitespace 2015-07-24 23:45:21 +00:00
Mark Andrews
b2b408e4ed update 2015-07-24 23:39:58 +10:00
Mark Andrews
364162f4ae update 2015-07-24 15:05:20 +10:00
Mark Andrews
230f8da57c update 2015-07-24 14:58:21 +10:00
Tinderbox User
5d564da348 regen master 2015-07-24 01:04:59 +00:00
Mark Andrews
98869e60fa whitespace 2015-07-23 17:56:03 +10:00
Tinderbox User
bd84b04e4f regen master 2015-07-21 01:05:05 +00:00
Evan Hunt
8a205b4534 [master] remove accidentally duplicated section on clients-per-query 2015-07-20 15:25:28 -07:00
Tinderbox User
bd9a66d553 regen master 2015-07-15 01:04:58 +00:00
Mark Andrews
84114ec4c7 request-nsid -> request-sit 2015-07-15 08:38:08 +10:00
Mark Andrews
c5eb9add52 add CVE-2015-5477 2015-07-15 07:51:06 +10:00
Tinderbox User
b3338fc248 regen master 2015-07-11 01:05:48 +00:00
Tinderbox User
c0cbdeedb5 regen master 2015-07-10 01:05:03 +00:00
Evan Hunt
1479200aa0 [master] DDoS mitigation features 
3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]
 2015-07-08 22:53:39 -07:00
Tinderbox User
40f508f08b regen master 2015-07-08 01:04:56 +00:00
Evan Hunt
70d987def5 [master] traffic size stats 
4156.	[func]		Added statistics counters to track the sizes
			of incoming queries and outgoing responses in
			histogram buckets, as specified in RSSAC002.
			[RT #39049]
 2015-07-06 22:29:06 -07:00
Mukund Sivaraman
33ca26968b Allow RPZ rewrite logging to be configured on a per-zone basis (#39754) 2015-07-06 08:57:51 +05:30
Tinderbox User
1879ff4932 regen master 2015-07-06 01:04:49 +00:00
Mark Andrews
ce67023ae3 4152. [func] Implement DNS COOKIE option. This replaces the 
experimental SIT option of BIND 9.10.  The following
                        named.conf directives are avaliable: send-cookie,
                        cookie-secret, cookie-algorithm and nocookie-udp-size.
                        The following dig options are available:
                        +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
 2015-07-06 09:44:24 +10:00
Mark Andrews
aa3bffca69 whitespace 2015-07-04 12:50:29 +10:00
Tinderbox User
6cd01c0a96 regen master 2015-06-30 01:04:57 +00:00
Tinderbox User
0a4f0f6ab6 regen master 2015-06-26 01:05:04 +00:00
Witold Krecicki
f10a67dad2 Add statistics counters for nxdomain redirections. [RT #39790] 2015-06-25 09:21:50 +02:00
Tinderbox User
0da3028ccf regen master 2015-06-20 01:05:58 +00:00
Witold Krecicki
6a3249533a fix rpz-client-ip documentation [RT #39783] 2015-06-19 10:23:53 +02:00
Tinderbox User
b708ffc480 regen master 2015-06-19 01:05:11 +00:00
Mukund Sivaraman
f4d1c19691 Add comma 2015-06-17 12:23:44 +05:30
Mark Andrews
572e95f52a add release notes for CVE-2015-4620 2015-06-17 11:19:53 +10:00
Tinderbox User
871ab4edd8 regen master 2015-06-06 01:06:45 +00:00
Mark Andrews
94f7158d44 update rpz doc as per rt39703 2015-06-05 11:13:02 +10:00
Tinderbox User
335c82aebd regen master 2015-06-05 01:05:03 +00:00
Evan Hunt
8c9fba44a4 [master] further RPZ fixes 
4131.	[bug]		Addressed further problems with reloading RPZ
			zones. [RT #39649]
 2015-06-03 18:18:55 -07:00
Tinderbox User
22be030b50 regen master 2015-05-29 01:04:57 +00:00
Tinderbox User
431e5c81db update copyright notice / whitespace 2015-05-28 23:45:24 +00:00
Tinderbox User
481870b95f regen master 2015-05-28 01:04:54 +00:00
Mark Andrews
598b502695 4127. [protocol] CDS and CDNSKEY need to be signed by the key signing 
key as per RFC 7344, Section 4.1. [RT #37215]
 2015-05-27 15:25:45 +10:00
Tinderbox User
661e7fbf77 regen master 2015-05-22 01:04:47 +00:00
Evan Hunt
f5c20627f4 [master] fix tags 2015-05-21 14:29:22 -07:00
Mukund Sivaraman
72a1c3f1a7 Update notes.xml and CHANGES for #39567 2015-05-21 21:45:47 +05:30
Mukund Sivaraman
705cea35a8 Fix RPZ radix tree search() for CLIENT-IP triggers (#39481) 2015-05-21 11:10:49 +05:30
Tinderbox User
b9a0676eec regen master 2015-05-21 01:04:46 +00:00
Evan Hunt
19365b43e9 [master] ensure rpz summary consistence during AXFR updates 
4121.	[bug]		When updating a response-policy zone via AXFR,
			summary data about other policy zones could fall
			out of sync. Ultimately this could trigger an
			assertion failure in rpz.c. [RT #39567]
 2015-05-20 15:00:50 -07:00
Tinderbox User
e9ed929fd1 regen master 2015-05-20 01:04:55 +00:00
Evan Hunt
7e6cf6fc6e [master] address a possible policy update race 
4120.	[bug]		A bug in RPZ could cause the server to crash if
			policy zones were updated while recursion was
			pending for RPZ processing of an active query.
			[RT #39415]
 2015-05-19 15:47:42 -07:00
Mark Andrews
8f20f6c9d7 4117. [protocol] Add EMPTY.AS112.ARPA as per RFC 7534. 2015-05-15 08:22:25 +10:00
Tinderbox User
7f18387d4b regen master 2015-05-08 01:05:05 +00:00
Mukund Sivaraman
b947e1a521 Fix a bug in RPZ that could cause unwanted recursion (#39229) 
Conflicts:
	doc/arm/notes.xml
 2015-05-07 08:29:36 +05:30
Tinderbox User
6d45011a65 regen master 2015-05-06 01:05:06 +00:00
Tinderbox User
395c952141 regen master 2015-05-05 01:05:07 +00:00
Tinderbox User
e668599e6a regen master 2015-04-25 01:05:56 +00:00
Mark Andrews
e77e449549 4109. [port] linux: support reading the local port range from 
net.ipv4.ip_local_port_range. [RT # 39379]
 2015-04-25 08:25:42 +10:00
Tinderbox User
8168c28739 regen master 2015-04-24 01:05:03 +00:00
Evan Hunt
ef1aaab9ed [master] more verbose CHANGES note, added release note 
4108.	[func]		An additional NXDOMAIN redirect method (option
			"nxdomain-redirect") has been added, allowing
			redirection to a specified DNS namespace instead
			of a single redirect zone. [RT #37989]
 2015-04-23 09:40:07 -07:00
Mark Andrews
c82b378115 4108. [func] A additional nxdomain redirect (nxdomain-redirect) 
method is now supported. [RT #37989]
 2015-04-23 16:57:15 +10:00
Tinderbox User
645a03d61e regen master 2015-04-16 01:04:55 +00:00
Evan Hunt
fc3ed1dbda [master] fix +split and +rrcomments with dig +short 
4101.	[bug]		dig: the +split and +rrcomments options didn't
			work with +short. [RT #39291]
 2015-04-15 09:50:07 -07:00
Tinderbox User
24abfe433e regen master 2015-04-14 01:05:08 +00:00
Tinderbox User
6a6ceba6fe update copyright notice / whitespace 2015-04-13 23:45:23 +00:00
Jeremy C. Reed
2637d30fbd docbook <command> tags around named server references 2015-04-13 11:46:35 -05:00
Jeremy C. Reed
2b66b8b6fb fix mismatched docbook tag 2015-04-13 11:38:40 -05:00
Evan Hunt
d9b37259f3 [master] hold a reference on fetch context during query 
4094.	[bug]		A race during shutdown or reconfiguration could
			cause an assertion in mem.c. [RT #38979]
 2015-04-08 14:33:45 -07:00
Tinderbox User
0d00a726fe regen master 2015-04-08 01:05:07 +00:00
Evan Hunt
f28e5058c3 [master] dig can now learn the SIT value when retrying 
4093.	[func]		Dig now learns the SIT value from truncated
			responses when it retries over TCP. [RT #39047]
 2015-04-06 23:16:54 -07:00
Mark Andrews
febb020dce 4092. [bug] 'in-view' didn't work for zones beneath a empty zone. 
[RT #39173]
 2015-04-07 13:21:33 +10:00
Tinderbox User
ed38240f42 regen master 2015-04-07 01:05:01 +00:00
Evan Hunt
1e15a048c0 [master] minor doc fixes 2015-04-06 13:48:29 -07:00
Mark Andrews
362a13ce42 add missing entries 2015-04-02 17:10:27 +11:00
Tinderbox User
b4556ecdbc regen master 2015-03-11 01:04:49 +00:00
Mark Andrews
7b52254bf3 Add warning about configuration inheritence with in-view 2015-03-11 10:42:34 +11:00
Tinderbox User
53e1e7cec5 regen master 2015-03-10 01:04:50 +00:00
Mark Andrews
4ae7a31251 document the EDNS version is logged 2015-03-10 07:27:10 +11:00
Mark Andrews
1b05d22789 4082. [bug] Incrementally sign large inline zone deltas. 
[RT #37927]
 2015-03-05 09:59:29 +11:00
Evan Hunt
ff295743c2 [master] release note for change #4013 2015-03-04 09:06:03 -08:00
Tinderbox User
947d37484e regen master 2015-03-04 01:04:48 +00:00
Evan Hunt
7ae96d8823 [master] add "lock-file" and fix up singleton code 
4080.	[func]		Completed change #4022, adding a "lock-file" option
			to named.conf to override the default lock file,
			in addition to the "named -X <filename>" command
			line option.  Setting the lock file to "none"
			using either method disables the check completely.
			[RT #37908]
 2015-03-02 19:27:54 -08:00
Tinderbox User
603de7394f regen master 2015-03-03 01:04:47 +00:00
Mukund Sivaraman
84f95ddb25 Update win32 configure for --enable-querytrace (#37520) 
Also enable querytrace when --enable-developer is specified.
 2015-03-02 12:57:50 +05:30
Tinderbox User
548a24c3d3 regen master 2015-02-28 01:05:06 +00:00
Tinderbox User
0eea9763d8 regen master 2015-02-26 01:04:45 +00:00
Tinderbox User
d06befed22 regen master 2015-02-24 01:04:44 +00:00
Evan Hunt
7acc2f2156 [master] fix LOADPENDING issues 
4063.	[bug]		Asynchronous zone loads were not handled
			correctly when the zone load was already in
			progress; this could trigger a crash in zt.c.
			[RT #37573]
 2015-02-22 20:43:39 -08:00
Tinderbox User
659d063f23 regen master 2015-02-08 01:05:11 +00:00
Evan Hunt
591389c7d4 [master] 5011 tests and fixes 
4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]
 2015-02-05 17:18:15 -08:00
Tinderbox User
de283bda6a regen master 2015-02-06 01:04:48 +00:00
Francis Dupont
1059bc2e42 added mdig tool 2015-02-04 14:22:32 +01:00
Evan Hunt
801fb8b894 [master] avoid crash due to managed-key rollover 
4053.	[security]	Revoking a managed trust anchor and supplying
			an untrusted replacement could cause named
			to crash with an assertion failure.
			(CVE-2015-1349) [RT #38344]
 2015-02-03 18:25:28 -08:00
Tinderbox User
9c716f839c regen master 2015-02-04 01:04:44 +00:00
Evan Hunt
7267d1f335 [master] clarify edns-udp-size doc 2015-02-03 13:35:34 -08:00
Mukund Sivaraman
e3e783a0e9 Update notes.xml for #38454 2015-02-03 12:07:28 +05:30
Tinderbox User
73a1443878 regen master 2015-01-23 01:04:53 +00:00
Francis Dupont
0ee7e491d4 Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2015-01-22 09:25:18 +01:00
Tinderbox User
3e240d6559 regen master 2015-01-22 01:04:47 +00:00
Evan Hunt
0936da207d [master] oops, semicolons were still wrong 2015-01-21 11:41:18 -08:00
Francis Dupont
050846b17b Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2015-01-21 20:36:24 +01:00
Francis Dupont
6089bce129 missing '-' in keep-response-order 2015-01-21 20:34:19 +01:00
Evan Hunt
b892b31f75 [master] reformat response-policy grammar 
There was an overly long line that ran off the end of the
page in the PDF; also missing semicolons and close brace.
 2015-01-21 11:19:58 -08:00
Evan Hunt
2817aa56ca [master] "rndc modzone" 
4043.	[func]		"rndc modzone" can be used to modify the
			configuration of an existing zone, using similar
			syntax to "rndc addzone". [RT #37895]
 2015-01-20 22:34:16 -08:00
Evan Hunt
b88b75c2b8 [master] correct CHANGES note 2015-01-20 18:33:53 -08:00
Tinderbox User
d9184858dd regen master 2015-01-21 01:04:51 +00:00
Evan Hunt
761d135ed6 [master] add TCP pipelining support 
4040.	[func]		Added server-side support for pipelined TCP
			queries. TCP connections are no longer closed after
			the first query received from a client. (The new
			"keep-response-order" option allows clients to be
			specified for which the old behavior will still be
			used.) [RT #37821]
 2015-01-20 16:14:09 -08:00
Tinderbox User
dddceb7732 update copyright notice / whitespace 2015-01-14 23:45:22 +00:00
Tony Finch
eb4221895f doc: ignore and clean up isc-notes-html.xsl 2015-01-14 17:25:05 +05:30
Tinderbox User
ef8014e56f regen master 2015-01-14 01:04:44 +00:00
Tinderbox User
a6ca100924 update copyright notice / whitespace 2015-01-13 23:45:21 +00:00
Evan Hunt
03f979494f [master] document default DNSKEY TTL 
- see RT #38268
 2015-01-13 09:54:57 -08:00
Evan Hunt
82cf456943 [master] document dscp option 2015-01-13 09:15:51 -08:00
Tinderbox User
8402f7bfea regen master 2015-01-13 01:04:50 +00:00
Mukund Sivaraman
a6f0e9c985 Add NTA persistence (#37087) 
4034.   [func]          When added, negative trust anchors (NTA) are now
                        saved to files (viewname.nta), in order to
                        persist across restarts of the named server.
                        [RT #37087]
 2015-01-12 09:07:48 +05:30
Tinderbox User
fae13836a3 regen master 2015-01-12 03:30:27 +00:00
Tinderbox User
2f161339d2 regen master 2015-01-11 01:05:05 +00:00
Tinderbox User
f0cbe180f0 update copyright notice / whitespace 2015-01-10 23:45:22 +00:00
Evan Hunt
6124e803cf [master] revise pkcs11 doc 2015-01-10 11:40:01 -08:00
Mark Andrews
7952156995 4032. [bug] Built-in "empty" zones did not correctly inherit the 
"allow-transfer" ACL from the options or view.
                        [RT #38310]
 2015-01-10 22:01:42 +11:00
Evan Hunt
e5073ab47c [master] improve pkcs11.xml documentation 
see RT #37801
 2015-01-10 00:36:18 -08:00
Tinderbox User
cd32f419a8 regen master 2015-01-09 01:05:02 +00:00
Tinderbox User
63b0524b96 update copyright notice / whitespace 2015-01-08 23:45:22 +00:00
Evan Hunt
fce754ac0b [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2015-01-07 17:26:42 -08:00
Evan Hunt
d6850bee24 [master] clean up release note stylesheets 2015-01-07 17:26:03 -08:00
Tinderbox User
11e9368a22 regen master 2015-01-08 01:04:51 +00:00
Tinderbox User
b129f72d95 update copyright notice / whitespace 2015-01-07 23:45:22 +00:00
Mukund Sivaraman
47ba2677db Update ARM for the named -L option, etc. [RT #38057] 2015-01-08 04:49:17 +05:30
Evan Hunt
74eb2f5cbc [master] rndc showzone / rndc delzone of non-added zones 
4030.	[func]		"rndc delzone" is now applicable to zones that were
			configured in named.conf, as well as zones that
			were added via "rndc addzone". (Note, however, that
			if named.conf is not also modified, the deleted zone
			will return when named is reloaded.) [RT #37887]

4029.	[func]		"rndc showzone" displays the current configuration
			of a specified zone. [RT #37887]
 2015-01-06 22:57:57 -08:00
Tinderbox User
8f09f14275 regen master 2015-01-06 01:04:38 +00:00
Tinderbox User
225908aece update copyright notice / whitespace 2015-01-05 23:45:23 +00:00
Evan Hunt
43d798dea3 [master] suppress table of contents in notes.html and notes.pdf 2015-01-05 14:31:23 -08:00
Evan Hunt
6306dd073e [master] add style and developer guide source 2014-12-31 12:50:19 -08:00
Tinderbox User
d5ece58e3b regen master 2014-12-19 01:04:53 +00:00
Mukund Sivaraman
47d837a499 Make named a singleton process [RT#37908] 
Conflicts:
	bin/tests/system/conf.sh.in
	lib/dns/win32/libdns.def.in
	lib/isc/win32/file.c

The merge also needed to update files in legacy and tcp system tests
(newly introduced in master after branch was created) to introduce use
of lockfile.
 2014-12-18 12:31:25 +05:30
Tinderbox User
c60ee6edf1 regen master 2014-12-17 01:04:43 +00:00
Evan Hunt
be7fba8019 [master] adjust max-recursion-queries 
4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
 2014-12-15 22:28:06 -08:00
Tinderbox User
25ae0fd27c regen master 2014-12-06 01:05:00 +00:00
Mark Andrews
03fd9cb81c 4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery 
resulting in updates being sent to the wrong server.
                        [RT #37925]
 2014-12-05 18:26:38 +11:00
Mark Andrews
017aa9aef6 4019. [func] If named is not configured to validate the answer 
then allow fallback to plain DNS on timeout even
                        when we know the server supports EDNS. [RT #37978]
 2014-12-05 17:47:26 +11:00
Tinderbox User
ab3bdbd2ee regen master 2014-12-04 01:04:55 +00:00
Mark Andrews
693d70f96f 4017. [testing] Add system test to check lookups to legacy servers 
with broken DNS behaviour. [RT #37965]
 2014-12-04 07:01:52 +11:00
Tinderbox User
88a2182a1a regen master 2014-12-03 01:04:59 +00:00
Mark Andrews
ea3aa401bc 4015. [bug] Nameservers that are skipped due to them being 
CNAMEs were not being logged. They are now logged
                        to category 'cname' as per BIND 8. [RT #37935]
 2014-12-03 11:34:07 +11:00
Francis Dupont
5c5c6d289d Add a TCP only option to server/peer 2014-12-02 14:17:59 +01:00
Tinderbox User
ddbd14ec13 regen master 2014-11-22 01:05:01 +00:00
Evan Hunt
92384667ff [master] delv +tcp 
4009.	[func]		delv: added a +tcp option. [RT #37855]
 2014-11-21 09:42:04 -08:00
Mark Andrews
64d715c22a 4007. [doc] Remove acl forward reference restriction. [RT #37772] 2014-11-21 15:26:37 +11:00
Tinderbox User
a17033f2c4 regen master 2014-11-21 01:04:39 +00:00
Evan Hunt
0d569f0e27 [master] add missing grammar 2014-11-20 15:36:22 -08:00
Evan Hunt
166a7500be [master] add notes 2014-11-20 13:16:09 -08:00
Tinderbox User
795beed720 regen master 2014-11-20 01:04:52 +00:00
Evan Hunt
c4f54e5bd1 [master] add max-recursion-queries 
also fixes and documentation for max-recursion-depth
 2014-11-18 22:02:02 -08:00
Tinderbox User
d6984fd680 regen master 2014-11-19 01:05:15 +00:00
Evan Hunt
3230429e17 [master] limit recursion depth and iterative queries 
4006.	[security]	A flaw in delegation handling could be exploited
			to put named into an infinite loop.  This has
			been addressed by placing limits on the number
			of levels of recursion named will allow (default 7),
			and the number of iterative queries that it will
			send (default 50) before terminating a recursive
			query (CVE-2014-8500).

			The recursion depth limit is configured via the
			"max-recursion-depth" option.  [RT #35780]
 2014-11-17 23:24:44 -08:00
Tinderbox User
ebca35d493 regen master 2014-11-15 01:06:26 +00:00
Evan Hunt
e32d354f75 [master] allow arbitrary-size rndc output 
4005.	[func]		The buffer used for returning text from rndc
			commands is now dynamically resizable, allowing
			arbitrarily large amounts of text to be sent back
			to the client. (Prior to this change, it was
			possible for the output of "rndc tsig-list" to be
			truncated.) [RT #37731]
 2014-11-14 15:58:54 -08:00
Mukund Sivaraman
16c86a4980 Update .gitgnore files (ISC-Bugs #37773) 2014-11-11 11:47:02 +05:30
Tinderbox User
369963ad26 regen master 2014-11-06 01:05:06 +00:00
Evan Hunt
3cc8c7d630 [master] fix nxrrset in nxdomain redirection 
4000.	[bug]		NXDOMAIN redirection incorrectly handled NXRRSET
			from the redirect zone. [RT #37722]
 2014-11-04 23:49:56 -08:00
Evan Hunt
ce96d4326c [master] new mkeys and nzf naming format 
3999.	[func]		"mkeys" and "nzf" files are now named after
			their corresponding views, unless the view name
			contains characters that would be incompatible
			with use in a filename (i.e., slash, backslash,
			or capital letters). If a view name does contain
			these characters, the files will still be named
			using a cryptographic hash of the view name.
			Regardless of this, if a file using the old name
			format is found to exist, it will continue to be
			used. [RT #37704]
 2014-11-04 19:43:27 -08:00
Tinderbox User
daf4204f82 regen master 2014-11-05 01:04:56 +00:00
Mark Andrews
257d7508c8 3997. [protocol] Add OPENGPGKEY record. [RT# 37671] 2014-11-04 12:29:36 +11:00
Tinderbox User
6469eef791 regen master 2014-11-01 01:05:08 +00:00
Mark Andrews
d68f8db3ee add end of life statement 2014-10-31 13:08:42 +11:00
Tinderbox User
def82e8de9 regen master 2014-10-31 01:04:53 +00:00
Mark Andrews
f0a54842b1 3994. [func] Dig now supports setting the last unassigned DNS 
header flag bit (dig +zflag). [RT #37421]
 2014-10-31 10:16:00 +11:00
Evan Hunt
0c9b9b5e92 [master] document that zone rate-limiters have a floor of 1/second 2014-10-30 14:31:00 -07:00
Mark Andrews
0f5144163c 3993. [func] Dig now supports EDNS negotiation by default. 
(dig +[no]ednsnegotiation). [RT #37604]
 2014-10-30 23:13:12 +11:00
Tinderbox User
a3ff24aaa5 regen master 2014-10-30 01:05:12 +00:00
Mark Andrews
f274cbeaed 3992. [func] DiG can now send queries without questions 
(dig +header-only). [RT #37599]
 2014-10-30 11:42:02 +11:00
Mark Andrews
00fb0253c9 3991. [func] Add the ability to buffer logging output by specifying 
"buffered yes;" when defining a channel. [RT #26561]
 2014-10-30 11:37:05 +11:00
Tinderbox User
eaaf00efc0 regen master 2014-10-23 01:04:55 +00:00
Evan Hunt
de41f327d9 [master] missed a ticket number 2014-10-22 11:05:19 -07:00
Evan Hunt
e179fcd4dc [master] [rt35857] relnote 2014-10-22 10:53:43 -07:00
Evan Hunt
512e41f44d [master] [rt36945] relnote 2014-10-22 10:45:27 -07:00
Evan Hunt
c69e3a95f0 [master] [rt36892] relnote 2014-10-22 10:40:53 -07:00
Evan Hunt
a80fc8467d [master] [rt37138] relnote 2014-10-22 10:33:41 -07:00
Evan Hunt
8f2a79879e [master] [rt37159] relnote 2014-10-22 10:24:20 -07:00
Evan Hunt
6e23e76b5d [master] [rt37172] relnote 2014-10-22 10:20:27 -07:00
Evan Hunt
9d49dba3b7 [master] [rt37197] relnote 2014-10-22 10:12:30 -07:00
Evan Hunt
44f1102bfb [master] [rt37410] relnote 2014-10-22 10:05:46 -07:00
Evan Hunt
42fa62dd31 [master] [rt37506] relnote 2014-10-22 10:01:35 -07:00
Evan Hunt
7be3c12291 [master] more relnotes backfill 2014-10-21 22:58:26 -07:00
Tinderbox User
6932de75ef update copyright notice 2014-10-21 23:45:24 +00:00
Evan Hunt
67c6b5edd0 [master] backfill release notes 2014-10-21 16:42:23 -07:00
Mark Andrews
4140a96f22 3987. [func] Allow the zone serial of a dynamically updatable 
zone to be updated via rndc. [RT #37404]
 2014-10-21 18:15:42 +11:00
Tinderbox User
c20d6e4542 regenerate 2014-10-21 06:52:24 +00:00
Tinderbox User
30c0c7470d regen master 2014-10-21 06:42:51 +00:00
Evan Hunt
dd66b77417 [master] [rt37398] version string in ARM page footers 
3986.	[doc]		Add the BIND version number to page footers
			in the ARM. [RT #37398]
 2014-10-20 23:34:21 -07:00
Tinderbox User
78ec962d98 regen master 2014-10-21 01:04:47 +00:00
Evan Hunt
498b061031 [master] allow 1-week nta-lifetime/nta-recheck 
3983.	[bug]		Change #3940 was incomplete: negative trust anchors
			could be set to last up to a week, but the
			"nta-lifetime" and "nta-recheck" options were
			still limted to one day. [RT #37522]
 2014-10-20 13:40:17 -07:00
Tinderbox User
45a48ac5e2 regenerate 2014-10-20 20:01:30 +00:00
Tinderbox User
1c57c3f79d [master] Add generated notes.html and notes.pdf to git repository 2014-10-20 20:00:05 +00:00
Tinderbox User
2fa992d017 regen master 2014-10-20 19:55:39 +00:00
Evan Hunt
90e0af6bc6 [master] include relnotes in doc 
3982.	[doc]		Include release notes in product documentation.
			[RT #37272]
 2014-10-20 12:49:14 -07:00
Tinderbox User
6478b87fd2 regen master 2014-10-17 01:04:36 +00:00
Tinderbox User
28b2fddfd4 update copyright notice 2014-10-16 23:45:23 +00:00
Jeremy C. Reed
7615f6954f Fix grammar in ARM suh as was fixed in rndc manual. 
This is prompted by ticket #37505 from chucka.
 2014-10-16 11:58:48 -05:00
Jeremy C. Reed
edad003e63 Remove the apostrophe 's from plural acronyms 
This is to be consistent with our common usage of just using a
plural "s" without apostrophe.

This was brought up via discussion in ticket 37505.

I didn't have this reviewed.
 2014-10-16 11:55:51 -05:00
Tinderbox User
b68a2d272b regen master 2014-10-02 01:05:48 +00:00
Jeremy C. Reed
0b25d4d86a Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2014-10-01 11:28:53 -05:00
Jeremy C. Reed
35bd3dff86 add missing space and fix typo 2014-10-01 11:28:33 -05:00
Tinderbox User
60c29cf21a regen master 2014-09-29 01:05:38 +00:00
Mark Andrews
10c12aa549 3956. [func] Notify messages are now rate limited by notify-rate and 
startup-notify-rate instead of serial-query-rate.
                        [RT #24454]

3955.   [bug]           Notify messages due to changes are no longer queued
                        behind startup notify messages. [RT #24454]
 2014-09-29 10:01:08 +10:00
Tinderbox User
a8a5c3eb62 regen master 2014-09-28 01:05:36 +00:00
Mark Andrews
531d6f6bc3 fix response-policy synopsis 2014-09-27 11:23:05 +10:00
Tinderbox User
4fe1df3962 regen master 2014-09-14 01:05:19 +00:00
Tinderbox User
c25602ed66 regen master 2014-09-13 01:05:26 +00:00
Tinderbox User
95d0bdf2b4 regen master 2014-09-12 01:05:28 +00:00
Evan Hunt
0c9c74d9f9 [master] remove RRL classifier doc (feature not committed here yet) 2014-09-11 10:15:38 -07:00
Jeremy C. Reed
c8757da885 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2014-09-11 07:18:57 -07:00
Jeremy C. Reed
add5273040 [master] minor grammar change 2014-09-11 07:18:24 -07:00
Tinderbox User
8908291ce5 regen master 2014-09-11 01:05:15 +00:00
Jeremy C. Reed
87f234b1d4 [master] add servfail-ttl to options grammar 2014-09-10 13:15:05 -07:00
Mark Andrews
947cf282a7 3949. [experimental] Experimental support for draft-andrews-edns1 by sending 
EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
                        building).  Add support for limiting the EDNS version
                        advertised to servers: server { edns-version 0; };
                        Log the EDNS version received in the query log.
                        [RT #35864]
 2014-09-10 15:31:40 +10:00
Mark Andrews
8aa098c633 update copyrights 2014-09-06 09:38:48 +10:00
Tinderbox User
5fa6a064b8 regen master 2014-09-05 19:26:47 +00:00
Evan Hunt
a3f3f73efb [master] add package version to scope statement 2014-09-05 12:18:14 -07:00
Evan Hunt
cf47fe2ddc [master] retain release info when updating copyright 2014-09-05 11:28:32 -07:00
Evan Hunt
1aa8b80767 [master] fix warnings/doc errors 
- possible use before assignment in query.c
- missing <varlistentry> in ARM
 2014-09-04 18:35:30 -07:00
Tinderbox User
948c80ffa8 update copyright notice 2014-09-04 23:45:24 +00:00
Evan Hunt
a878301981 [master] servfail cache 
3943.	[func]		SERVFAIL responses can now be cached for a
			limited time (configured by "servfail-ttl",
			default 10 seconds, limit 30). This can reduce
			the frequency of retries when an authoritative
			server is known to be failing, e.g., due to
			ongoing DNSSEC validation problems. [RT #21347]
 2014-09-03 23:28:14 -07:00
Evan Hunt
7ae9399897 [master] add version number to ARM 
3941.	[doc]		Include the BIND version number in the ARM. [RT #37067]
 2014-09-03 20:29:24 -07:00
Evan Hunt
3d066288ad [master] [rt37069] update NTA limit to a week 
3940.	[func]		"rndc nta" now allows negative trust anchors to be
			set for up to one week. [RT #37069]
 2014-09-03 19:00:03 -07:00
Tinderbox User
aa1905addf regen master 2014-08-31 01:47:15 +00:00
Tinderbox User
c8d27399fb remove embrionic paragraph 2014-08-31 01:40:55 +00:00
Tinderbox User
59564e2b1f Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2014-08-31 01:32:27 +00:00
Evan Hunt
f4aaffb53c [master] fix xml error 2014-08-29 18:16:57 -07:00
Tinderbox User
2272d9a445 Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2014-08-30 01:01:25 +00:00
Evan Hunt
d46855caed [master] ECS authoritative support 
3936.	[func]		Added authoritative support for the EDNS Client
			Subnet (ECS) option.

			ACLs can now include "ecs" elements which specify
			an address or network prefix; if an ECS option is
			included in a DNS query, then the address encoded
			in the option will be matched against "ecs" ACL
			elements.

			Also, if an ECS address is included in a query,
			then it will be used instead of the client source
			address when matching "geoip" ACL elements.  This
			behavior can be overridden with "geoip-use-ecs no;".

			When "ecs" or "geoip" ACL elements are used to
			select a view for a query, the response will include
			an ECS option to indicate which client network the
			answer is valid for.

			(Thanks to Vincent Bernat.) [RT #36781]
 2014-08-28 22:05:57 -07:00
Evan Hunt
180319f572 [master] fix geoip asnum matching 
3935.	[bug]		"geoip asnum" ACL elements would not match unless
			the full organization name was specified.  They
			can now match against the AS number alone (e.g.,
			AS1234). [RT #36945]
 2014-08-28 21:40:32 -07:00
Mark Andrews
7c73ac5e13 3934. [bug] Catch bad 'sit-secret' in named-checkconf. Improve 
sit-secrets documentation. [RT #36980]
 2014-08-29 14:35:21 +10:00
Tinderbox User
78c3882f77 regen master 2014-08-26 01:05:40 +00:00
Tinderbox User
cefd74ae81 regen master 2014-08-23 01:06:12 +00:00
Jeremy C. Reed
a0707b6acf [36877] added doc about geoip-directory 2014-08-22 08:36:33 -05:00
Jeremy C. Reed
beb7389b41 remove period punctuation at end of title in <title> tags 
This was in the bibliography <biblioentry> entries which
already generates the desired punctuation.
Most was already correct, but some had junk periods.
 2014-08-22 08:20:44 -05:00
Jeremy C. Reed
bd8f309144 Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2014-08-22 08:18:16 -05:00
Evan Hunt
e0421bf2c5 [master] doc masterfile-style 
3919.	[doc]		Added doc for masterfile-style. [RT #36823]
 2014-08-21 22:15:36 -07:00
Mark Andrews
d90344224a 3918. [doc] Update check-spf documentation. [RT #36910] 2014-08-22 11:49:58 +10:00
Jeremy C. Reed
9e7c5f15ca miscellaneous minor fixes 
Say named instead of Named (be consistent).

add sit-secret, automatic-interface-scan, policy tcp-only to grammar

lowercase All-per-second to all-per-second

fix typo cn to can

Note this was not reviewed.
 2014-08-20 15:45:57 -05:00
Tinderbox User
a24330c480 regen master 2014-08-16 01:06:20 +00:00
Tinderbox User
aebd0e85bf update copyright notice 2014-08-15 23:45:20 +00:00
Mark Andrews
15a885dfc6 remove duplicate request-ixfr rt36878 
(cherry picked from commit 0a484c39fc)
 2014-08-16 08:51:20 +10:00
Jeremy C. Reed
821350367e fix typos or misspellings 2014-08-15 10:35:31 -05:00
Tinderbox User
3e80f25d33 regen master 2014-08-06 05:17:24 +00:00
Evan Hunt
d0ffef73fd [35925] add more EDNS EXPIRE doc, clarify CHANGES note 3911 2014-08-05 19:32:46 -07:00
Mark Andrews
43b9737b11 3911. [func] Implement EDNS EXPIRE option client side. [RT #35925] 2014-08-06 11:50:40 +10:00
Evan Hunt
2383eb5272 [master] add CAA rdata support 
3056.	[protocol]	Added support for CAA record type (RFC 6844).
			[RT #36625]
 2014-07-29 08:40:35 -07:00
Mark Andrews
bc98d5a4c6 7314:Extension Mechanisms for DNS (EDNS) EXPIRE Option 2014-07-18 10:25:35 +10:00
Tinderbox User
d9f0b06dc2 regen master 2014-07-16 01:05:40 +00:00
Tinderbox User
61ab11c0ec regen master 2014-06-19 01:05:10 +00:00
Evan Hunt
b8a9632333 [master] complete NTA work 
3882.	[func]		By default, negative trust anchors will be tested
			periodically to see whether data below them can be
			validated, and if so, they will be allowed to
			expire early. The "rndc nta -force" option
			overrides this behvaior.  The default NTA lifetime
			and the recheck frequency can be configured by the
			"nta-lifetime" and "nta-recheck" options. [RT #36146]
 2014-06-18 16:50:38 -07:00
Tinderbox User
6f12058975 regen master 2014-06-17 01:05:10 +00:00
Tinderbox User
70b01b2d03 regen master 2014-06-04 01:05:06 +00:00
Mark Andrews
93d4128dcd 3869. [doc] Document that in-view zones cannot be used for 
response policy zones. [RT #35941]
 2014-06-03 13:37:21 +10:00
Tinderbox User
f5c27ecceb regen master 2014-05-31 01:05:50 +00:00
Evan Hunt
0cfb247368 [master] rndc nta 
3867.	[func]		"rndc nta" can now be used to set a temporary
			negative trust anchor, which disables DNSSEC
			validation below a specified name for a specified
			period of time (not exceeding 24 hours).  This
			can be used when validation for a domain is known
			to be failing due to a configuration error on
			the part of the domain owner rather than a
			spoofing attack. [RT #29358]
 2014-05-29 22:22:53 -07:00
Tinderbox User
f5ae3cca1d regen master 2014-05-24 01:05:32 +00:00
Tinderbox User
fc74b733bf regen master 2014-05-17 01:05:14 +00:00
Evan Hunt
896f49f8bd [master] increase and allow configuration of lwresd tasks/clients 
3852.	[func]		Increase the default number of clients available
			for servicing lightweight resolver queries, and
			make them configurable via the "lwres-tasks" and
			"lwres-clients" options.  (Thanks to Tomas Hozza.)
			[RT #35857]
 2014-05-15 22:01:19 -07:00
Tinderbox User
b90c4f0646 regen master 2014-05-15 05:05:58 +00:00
Tinderbox User
6bcac4b58d regen master 2014-05-15 04:46:54 +00:00
Tinderbox User
8e16b30787 regen master 2014-05-15 03:57:31 +00:00
Tinderbox User
297342940e regen master 2014-05-14 01:05:10 +00:00
Tinderbox User
e68c527dff regen master 2014-04-30 01:05:11 +00:00
Tinderbox User
9e52eec793 regenerate 2014-04-23 18:35:38 +00:00
Tinderbox User
e108f2ec64 regen master 2014-04-23 18:28:07 +00:00
Evan Hunt
2ae159b376 [master] globally rename "delve" to "delv" 
3817.	[func]		The "delve" command is now spelled "delv" to avoid
			a namespace collision with the Xapian project.
			[RT #35801]
 2014-04-23 11:14:12 -07:00
Tinderbox User
f39512a917 regen master 2014-04-20 01:05:19 +00:00
Evan Hunt
7318bbc262 [master] serial-update-method date; 
3811.	[func]		"serial-update-method date;" sets serial number
			on dynamic update to today's date in YYYYMMDDNN
			format. (Thanks to Bradley Forschinger.) [RT #24903]
 2014-04-17 16:05:50 -07:00
Evan Hunt
baa4c2f101 [master] remove outdated files from doc directory 2014-04-16 22:57:54 -07:00
Tinderbox User
bcd092ea1e regenerate 2014-04-17 05:49:55 +00:00
Tinderbox User
27963ad220 regen master 2014-04-17 01:05:20 +00:00
Mark Andrews
993cde8f0f 3809. [doc] Fix SIT and NSID documentation. 2014-04-16 15:53:30 +10:00
Tinderbox User
1f30da8ae0 regen master 2014-04-15 01:05:23 +00:00
Evan Hunt
efa4dcc9da [master] more prefetch doc improvement 2014-04-14 16:36:06 -07:00
Jeremy C. Reed
4bda053938 Fix typo: word was repeated 2014-04-14 09:50:22 -05:00
Evan Hunt
2dc978b8a1 [master] fix "prefetch" doc 
3808.	[doc]		Clean up "prefetch" documentation. [RT #35751]
 2014-04-13 18:50:34 -07:00
Tinderbox User
1d94248a12 update copyright notice 2014-04-12 23:46:08 +00:00
Evan Hunt
682d0209e8 [master] customize configure --help 2014-04-11 17:35:54 -07:00
Tinderbox User
a87f0e88e2 regen master 2014-04-11 01:05:14 +00:00
Jeremy C. Reed
d06f13912c Merge branch 'master' of repo.isc.org:/proj/git/prod/bind9 2014-04-10 17:16:23 -05:00
Jeremy C. Reed
7ee973f74c fix typo 2014-04-10 17:13:46 -05:00
Tinderbox User
cd441cd51f regenerate 2014-04-10 04:04:52 +00:00
Tinderbox User
47db6d1f64 regenerate 2014-04-04 03:38:28 +00:00
Tinderbox User
2f103f5493 regen master 2014-03-29 01:05:21 +00:00
Jeremy C. Reed
02363b42ae This version of the manual corresponds to BIND version 9.10. 
Not 9.9
 2014-03-28 08:23:20 -05:00
Tinderbox User
a87790b9d8 regen master 2014-03-27 01:05:17 +00:00
Evan Hunt
5aae99fb1b [master] document behavior of localhost/localnets when interface changes 2014-03-25 20:08:04 -07:00
Tinderbox User
ba713ac34a regen master 2014-03-16 01:05:09 +00:00
Evan Hunt
06236ea367 [master] work around db2latex bug by removing literal tag 2014-03-15 15:22:47 -07:00
Tinderbox User
0c3a248de9 regenerate 2014-03-13 07:46:00 +00:00
Tinderbox User
ec899c963c regen master 2014-03-13 06:24:13 +00:00
Tinderbox User
3c7b4ac451 regen master 2014-03-12 01:05:39 +00:00
Tinderbox User
e4a70b8fdf regen master 2014-03-11 01:05:19 +00:00
Evan Hunt
997f513065 [master] whitespace 2014-03-10 11:57:02 -07:00
Evan Hunt
7b46a4aa41 [master] fix negative numbers in $GENERATE 
3780.	[bug]		$GENERATE handled negative numbers incorrectly.
			[RT #25528]
 2014-03-10 11:55:32 -07:00
Tinderbox User
0efe2893b6 regen master 2014-03-08 01:05:33 +00:00
Evan Hunt
78f79084fc [master] warn when wrong address family used in listen-on/-v6 
3778.	[bug]		Log a warning when the wrong address family is
			used in "listen-on" or "listen-on-v6". [RT #17848]
 2014-03-07 11:31:51 -08:00
Tinderbox User
0f52ea95d8 regen master 2014-03-06 01:05:38 +00:00
Tinderbox User
d3ddafd746 regen master 2014-03-05 01:06:28 +00:00
Tinderbox User
b46346eb30 regen master 2014-03-04 01:05:04 +00:00
Tinderbox User
74ae031d9d regen master 2014-03-02 01:05:20 +00:00
Evan Hunt
3ef4b7383a [master] improved doc for "rndc signing -list" 
3769.   [doc]           Improved documentation of "rndc signing -list".
                        [RT #30652]
 2014-02-28 21:29:19 -08:00
Tinderbox User
794b79e6bb regen master 2014-02-28 01:07:06 +00:00
Evan Hunt
71072248de [master] fix 'rndc freeze' doc, and mention 'rndc sync' 2014-02-26 23:03:54 -08:00
Tinderbox User
42be858f85 regen master 2014-02-27 01:06:20 +00:00
Mark Andrews
f4193c2021 update copyrights 2014-02-25 12:07:41 +11:00
Tinderbox User
bfceb3a1ed update copyright notice 2014-02-24 23:46:25 +00:00
Francis Dupont
1b0d803a75 hmac(key, message) 2014-02-25 00:35:31 +01:00
Mark Andrews
d3d9c0c8f6 add a brief description of SIT 2014-02-25 09:50:17 +11:00
Tinderbox User
13d525b8e2 regenerate 2014-02-21 17:47:10 +00:00
Tinderbox User
892503bd48 regen master 2014-02-21 17:38:07 +00:00
Evan Hunt
f0f5f71274 [master] grammar 2014-02-21 08:28:25 -08:00
Tinderbox User
e85b04ae75 regenerate 2014-02-21 05:05:01 +00:00
Tinderbox User
5006667081 regen master 2014-02-21 05:04:18 +00:00
Tinderbox User
b6b8f8a036 regen master 2014-02-21 04:51:27 +00:00
Evan Hunt
2059d7950b [master] missing man pages, named-rrchecker had wrong name 2014-02-20 20:46:25 -08:00
Evan Hunt
64584aa098 [master] fix typos 2014-02-20 19:57:03 -08:00
Mark Andrews
5e45c8aabf add CFG_CLAUSEFLAG_NOTCONFIGURED flag 2014-02-21 12:48:39 +11:00
Tinderbox User
90861521a7 regenerate 2014-02-20 19:19:51 +00:00
Tinderbox User
0e1dece22e regen master 2014-02-20 19:19:27 +00:00
Evan Hunt
35f6a21f5f [master] max-zone-ttl 
3746.	[func]		New "max-zone-ttl" option enforces maximum
			TTLs for zones. If loading a zone containing a
			higher TTL, the load fails. DDNS updates with
			higher TTLs are accepted but the TTL is truncated.
			(Note: Currently supported for master zones only;
			inline-signing slaves will be added.) [RT #38405]
 2014-02-18 23:26:50 -08:00
Mark Andrews
b5f6271f4d 3744. [experimental] SIT: send and process Source Identity Tokens 
(which are similar to DNS Cookies by Donald Eastlake)
                        and are designed to help clients detect off path
                        spoofed responses and for servers to detect legitimate
                        clients.

                        SIT use a experimental EDNS option code (65001).

                        SIT can be enabled via --enable-developer or
                        --enable-sit.  It is on by default in Windows.

                        RRL processing as been updated to know about SIT with
                        legitimate clients not being rate limited. [RT #35389]
 2014-02-19 12:53:42 +11:00
Tinderbox User
c96e7744e0 regen master 2014-02-18 01:05:03 +00:00
Mark Andrews
38eabfcee7 3743. [bug] delegation-only flag wasn't working in forward zone 
declarations despite being documented.  This is
                        needed to support turning off forwarding and turning
                        on delegation only at the same name.  [RT #35392]
 2014-02-18 10:09:07 +11:00
Evan Hunt
88af212a4d [master] correct delegation-only doc 2014-02-17 14:22:53 -08:00
Tinderbox User
c3c1aec44c regenerate 2014-02-16 21:09:10 +00:00
Tinderbox User
6d382c9fce regen master 2014-02-16 21:08:15 +00:00
Evan Hunt
1d761cb453 [master] delve 
3741.	[func]		"delve" (domain entity lookup and validation engine):
			A new tool with dig-like semantics for performing DNS
			lookups, with internal DNSSEC validation, using the
			same resolver and validator logic as named. This
			allows easy validation of DNSSEC data in environments
			with untrustworthy resolvers, and assists with
			troubleshooting of DNSSEC problems. (Note: not yet
			available on win32.) [RT #32406]
 2014-02-16 13:03:17 -08:00
Evan Hunt
f2ea8c2f96 [master] updated published drafts 2014-02-14 08:53:06 -08:00
Tinderbox User
665a24faf6 regen master 2014-02-13 01:05:15 +00:00
Tinderbox User
f2016fcecf regen master 2014-02-08 01:05:40 +00:00
Mark Andrews
62ec9fd168 3733. [func] Improve interface scanning support. Interface 
information will be automatically updated if the
                        OS supports routing sockets.  Use
                        "automatic-interface-scan no;" to disable.

                        Add "rndc scan" to trigger a scan. [RT #23027]
 2014-02-07 17:16:37 +11:00
Evan Hunt
7983f6f77a [master] Merge branch 'master' of ssh://repo/proj/git/prod/bind9 2014-02-06 19:41:48 -08:00
Evan Hunt
166341d554 [master] add no-case-compress 
3731.	[func]		Added a "no-case-compress" ACL, which causes
			named to use case-insensitive compression
			(disabling change #3645) for specified
			clients. (This is useful when dealing
			with broken client implementations that
			use case-sensitive name comparisons,
			rejecting responses that fail to match the
			capitalization of the query that was sent.)
			[RT #35300]
 2014-02-06 19:37:26 -08:00
Tinderbox User
bbbf2e27d3 regen master 2014-02-07 02:03:45 +00:00
Mark Andrews
6b0dee6cd7 fix tag 2014-02-07 12:36:16 +11:00
Mark Andrews
9c8126d0c7 fix tag 2014-02-07 12:34:35 +11:00
Evan Hunt
08c67b5b7a [master] improved native-pkcs11 doc 
3728.	[doc]		Expanded native-PKCS#11 documentation,
			specifically pkcs11: URI labels. [RT #35287]
 2014-02-06 15:40:00 -08:00
Evan Hunt
62cce60a15 [master] better error message when exceeding RPZ zone limit 
3726.	[cleanup]	Clarified the error message when attempting
			to configure more than 32 response-policy zones.
			[RT #35283]
 2014-02-06 15:26:54 -08:00
Tinderbox User
9253fa8cec regenerate 2014-02-02 20:31:30 +00:00
Tinderbox User
04bbadfbcb regen master 2014-02-01 01:05:42 +00:00
Evan Hunt
bc34c56226 [master] further clarify edns doc 2014-01-31 07:11:38 -08:00
Tinderbox User
65f32cd8bf regen master 2014-01-31 01:07:17 +00:00
Evan Hunt
fe9a1e5bd6 [master] improve RRL documentation 
- wrote better qname classifer doc
- imported response size classifier doc from 9.9 sub
 2014-01-30 15:09:33 -08:00
Evan Hunt
47c847e286 [master] improve EDNS doc 
3721.	[doc]		Improved doucmentation of the EDNS processing
			enhancements introduced in change #3593. [RT #35275]
 2014-01-30 14:52:01 -08:00
Tinderbox User
dd1ce8b524 regen master 2014-01-17 01:05:10 +00:00
Tinderbox User
6ea2385360 regen master 2014-01-16 01:05:38 +00:00
Evan Hunt
693a7bb91a [master] cleanup pcks11 doc 2014-01-15 10:01:44 -08:00
Mark Andrews
7edf48213c balance tags 2014-01-15 14:43:45 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Evan Hunt
b751788932 [master] improve prefetch doc 2014-01-13 21:08:20 -08:00
Tinderbox User
a1e81a1c5b regen master 2014-01-13 01:04:54 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
9c8c1a0485 regen master 2014-01-12 01:04:54 +00:00
Tinderbox User
990d0e893f regen master 2014-01-11 01:05:06 +00:00
Mark Andrews
a7c412f37c update copyrights 2014-01-11 07:07:56 +11:00
Evan Hunt
789252d55f [master] stats improvements 
3700.	[func]		Allow access to subgroups of XML statistics via
			special URLs http://<server>:<port>/xml/v3/server,
			/zones, /net, /tasks, /mem, and /status.  [RT #35115]

3699.	[bug]		Improvements to statistics channel XSL stylesheet:
			the stylesheet can now be cached by the browser;
			section headers are omitted from the stats display
			when there is no data in those sections to be
			displayed; counters are now right-justified for
			easier readability. [RT #35117]
 2014-01-09 18:46:25 -08:00
Tinderbox User
3f9791eac4 regen master 2013-12-12 01:05:00 +00:00
Tinderbox User
4f9cb7bd58 regen master 2013-12-05 01:04:59 +00:00
Tinderbox User
d7b4cb00e9 regenerate 2013-11-18 23:00:15 +00:00
Tinderbox User
52cc3bd9c1 regen master 2013-11-15 01:05:18 +00:00
Tinderbox User
c8714f6798 Merge branch 'master' of ssh://repo.isc.org/proj/git/prod/bind9 2013-11-15 01:01:24 +00:00
Evan Hunt
434bfc3dfa [master] "in-view" zone option 
3673.	[func]		New "in-view" zone option allows direct sharing
			of zones between views. [RT #32968]
 2013-11-13 20:35:40 -08:00
Tinderbox User
03c0efc689 regen master 2013-11-13 01:04:50 +00:00