delegation-only check to all TLDs and root.
Note there are some TLDs that are NOT delegation
only (e.g. DE and MUSEUM) these can be excluded
from the checks buy using exclude.
root-delegation-only exclude { "DE"; "MUSEUM"; };
zone should not accept delegation-only.
1508. [bug] Don't apply delegation-only checks to answers from
forwarders.
1507. [bug] Handle BIND 8 style returns to NS queries to parents
when making delegation-only checks.
1506. [bug] Wrong return type for dns_view_isdelegationonly().
1505. [bug] Uninitialised rdataset in sdb. [RT #8750]
1504. [func] New zone type "delegation-only".
dns_portlist_create(), dns_portlist_add(),
dns_portlist_remove(), dns_portlist_match(),
dns_portlist_attach() and dns_portlist_detach().
1441. [func] It is now possible to tell dig to bind to a specific
source port.
1440. [func] It is now possible to tell named to avoid using
certian source ports (avoid-v4-udp-ports,
avoid-v6-udp-ports).
in a acl. Remove duplicate entries from the localnets
acl.
1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
is not available in the kernel to prevent accidently
listening on IPv4 interfaces.
Generating a response when the qname matches a wildcard and the type
doesn't exist didn't work; the NXT name was improperly expanded and the
wildcard proof was omitted.
states.
1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
1377. [func] dns_zone_load{new}() now reports if the zone was
loaded, queued for loading to up to date.
1376. [func] New function dns_zone_logc() to log to specified
category.
detach from quota in an error case. I don't know if this is strictly needed,
but it makes sense. It is probably done later as well, but all places
check for the pointer != NULL, so we'll be ok.
DNSSEC wildcard negative proof responses were longer than necessary in
some cases; the existence of a node for which the qname is a subdomain
obscures all shallower wildcards.
That is, query for y.x.foo.com. If the response contains an NXT
at x.foo.com, it's not necessary to prove that there's no wildcard at
*.foo.com, since it wouldn't be matched anyway.
query-source-v6 with explict addresses and using the
same ports as named was listening on could interfere
with nameds ability to answer queries sent to those
addresses.
