a REQUIRE assertion failure when a fetch is actually
initiated. [ RT #35899]
Squashed commit of the following:
commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00
Author: Mukund Sivaraman <muks@isc.org>
Date: Sun May 4 22:34:34 2014 +0530
Fix a comment
commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03
Author: Mark Andrews <marka@isc.org>
Date: Sun May 4 23:34:25 2014 +1000
pass the correct name to query_prefetch
(cherry picked from commit b36fc8294e)
in draft-andrews-dnsext-expire-00. Retrivial of
remaining time to expiry from slave zones is supported.
EXPIRE uses an experimental option code (65002) and
is subject to change. [RT #35416]
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.
SIT use a experimental EDNS option code (65001).
SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.
RRL processing as been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389]
3620. [func] Added "rpz-client-ip" policy triggers, enabling
RPZ responses to be configured on the basis of
the client IP address; this can be used, for
example, to blacklist misbehaving recursive
or stub resolvers. [RT #33605]
3619. [bug] Fixed a bug in RPZ with "recursive-only no;"
[RT #33776]
3590. [bug] When using RRL on recursive servers, defer
rate-limiting until after recursion is complete;
also, use correct rcode for slipped NXDOMAIN
responses. [RT #33604]
3468. [security] RPZ rules to generate A records (but not AAAA records)
could trigger an assertion failure when used in
conjunction with DNS64. [RT #32141]
3434. [bug] Pass client info to the DLZ findzone() entry
point in addition to lookup(). This makes it
possible for a database to answer differently
whether it's authoritative for a name depending
on the address of the client. [RT #31775]
3432. [func] Multiple DLZ databases can now be configured.
DLZ databases are searched in the order configured,
unless set to "search no", in which case a
zone can be configured to be retrieved from a
particular DLZ database by using a "dlz <name>"
option in the zone statement. DLZ databases can
support type "master" and "redirect" zones.
[RT #27597]
adds query type statistics at the zone level, and
flattens the XML tree and uses compressed format to
optimize parsing. Includes new XSL that permits
charting via the Google Charts API on browsers that
support javascript in XSL. The old XML schema has been
deprecated. [RT #30023]
3417. [placeholder]
3383. [security] A certain combinations of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
