4602. [func] Threads are now set to human-readable
names to assist debugging, when supported by
the OS. [RT #43234]
(cherry picked from commit d26ae7fc08)
4290. [func] The timers returned by the statistics channel
(indicating current time, server boot time, and
most recent reconfiguration time) are now reported
with millisecond accuracy. [RT #40082]
experimental SIT option of BIND 9.10. The following
named.conf directives are avaliable: send-cookie,
cookie-secret, cookie-algorithm and nocookie-udp-size.
The following dig options are available:
+[no]cookie[=value] and +[no]badcookie. [RT #39928]
4080. [func] Completed change #4022, adding a "lock-file" option
to named.conf to override the default lock file,
in addition to the "named -X <filename>" command
line option. Setting the lock file to "none"
using either method disables the check completely.
[RT #37908]
4056. [bug] Expanded automatic testing of trust anchor
management and fixed several small bugs including
a memory leak and a possible loss of key state
information. [RT #38458]
4055. [func] "rndc managed-keys" can be used to check status
of trust anchors or to force keys to be refreshed,
Also, the managed keys data file has easier-to-read
comments. [RT #38458]
3760. [bug] Improve SIT with native PKCS#11 and on Windows.
[RT #35433]
3759. [port] Enable delve on Windows. [RT #35441]
3758. [port] Enable export library APIs on windows. [RT #35382]
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.
SIT use a experimental EDNS option code (65001).
SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.
RRL processing as been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
3605. [port] win32: Addressed several compatibility issues
with newer versions of Visual Studio. [RT #33916]
Squashed commit of the following:
commit 4127af15f85da90cf2bd3a0c5a558daae89e833a
Author: Francis Dupont <fdupont@isc.org>
Date: Tue Jun 25 22:41:53 2013 +0200
make the last change to be text
commit 21ef4891b9ee3e3aefb45d4c80d5cb7ec78f264f
Author: Curtis Blackburn <ckb@isc.org>
Date: Tue Jun 25 12:35:08 2013 -0500
[rt33916] re-worded for easier reading
commit 83828e47e62fea4070441e645ba8fed338255ceb
Author: Francis Dupont <fdupont@isc.org>
Date: Mon Jun 24 16:08:11 2013 +0200
introduce a VCRedistPath env var
commit 0337f2554f168993a65945e78c2879e9bfca5293
Author: Francis Dupont <fdupont@isc.org>
Date: Sun Jun 23 01:23:26 2013 +0200
_adjust_fdiv for VS < 2010
commit 375fdd5c06be276b0ff0ad589c0e22b809339fe9
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 16:27:04 2013 +0200
move to MSVC v1600 as it still breaks on VS 2010
commit bfcaf72071e9d8df1d0ce0c5f05b69acd51bf698
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:57:35 2013 +0200
WIN32: avoid addrinfo redef
commit 18504c3e50b11e66a0b573c7cb3d61094bfa5b52
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:54:38 2013 +0200
WIN32: fseek/ftell
commit f9a4fdccc5ab1c74c64412fb76da7dfd161787b2
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:13:01 2013 +0200
fix WIN32 error redefs in net.h (isc ad lwres libs)
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
