4873. [doc] Grammars for named.conf included in the ARM are now
automatically generated by the configuration parser
itself. As a side effect of the work needed to
separate zone type grammars from each other, this
also makes checking of zone statements in
named-checkconf more correct and consistent.
[RT #36957]
(cherry picked from commit 129c4414cb)
(cherry picked from commit f662d5484e)
4769. [bug] Enforce the requirement that the managed keys
directory (specified by "managed-keys-directory",
and defaulting to the working directory if not
specified) must be writable. [RT #46077]
4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of
strlcpy() and strlcat() for safety. [RT #45981]
(cherry picked from commit 114f95089c)
4224. [func] Added support for "dyndb", a new interface for loading
zone data from an external database, developed by
Red Hat for the FreeIPA project.
DynDB drivers fully implement the BIND database
API, and are capable of significantly better
performance and functionality than DLZ drivers,
while taking advantage of advanced database
features not available in BIND such as multi-master
replication.
Thanks to Adam Tkac and Petr Spacek of Red Hat.
[RT #35271]
3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.
- "fetches-per-server" limits the number of
simultaneous queries that can be sent to any
single authoritative server. The configured
value is a starting point; it is automatically
adjusted downward if the server is partially or
completely non-responsive. The algorithm used to
adjust the quota can be configured via the
"fetch-quota-params" option.
- "fetches-per-zone" limits the number of
simultaneous queries that can be sent for names
within a single domain. (Note: Unlike
"fetches-per-server", this value is not
self-tuning.)
- New stats counters have been added to count
queries spilled due to these quotas.
See the ARM for details of these options. [RT #37125]
4124. [func] Log errors or warnings encountered when parsing the
internal default configuration. Clarify the logging
of errors and warnings encountered in rndc
addzone or modzone parameters. [RT #39440]
4030. [func] "rndc delzone" is now applicable to zones that were
configured in named.conf, as well as zones that
were added via "rndc addzone". (Note, however, that
if named.conf is not also modified, the deleted zone
will return when named is reloaded.) [RT #37887]
4029. [func] "rndc showzone" displays the current configuration
of a specified zone. [RT #37887]
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
