3760. [bug] Improve SIT with native PKCS#11 and on Windows.
[RT #35433]
3759. [port] Enable delve on Windows. [RT #35441]
3758. [port] Enable export library APIs on windows. [RT #35382]
(which are similar to DNS Cookies by Donald Eastlake)
and are designed to help clients detect off path
spoofed responses and for servers to detect legitimate
clients.
SIT use a experimental EDNS option code (65001).
SIT can be enabled via --enable-developer or
--enable-sit. It is on by default in Windows.
RRL processing as been updated to know about SIT with
legitimate clients not being rate limited. [RT #35389]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
3605. [port] win32: Addressed several compatibility issues
with newer versions of Visual Studio. [RT #33916]
Squashed commit of the following:
commit 4127af15f85da90cf2bd3a0c5a558daae89e833a
Author: Francis Dupont <fdupont@isc.org>
Date: Tue Jun 25 22:41:53 2013 +0200
make the last change to be text
commit 21ef4891b9ee3e3aefb45d4c80d5cb7ec78f264f
Author: Curtis Blackburn <ckb@isc.org>
Date: Tue Jun 25 12:35:08 2013 -0500
[rt33916] re-worded for easier reading
commit 83828e47e62fea4070441e645ba8fed338255ceb
Author: Francis Dupont <fdupont@isc.org>
Date: Mon Jun 24 16:08:11 2013 +0200
introduce a VCRedistPath env var
commit 0337f2554f168993a65945e78c2879e9bfca5293
Author: Francis Dupont <fdupont@isc.org>
Date: Sun Jun 23 01:23:26 2013 +0200
_adjust_fdiv for VS < 2010
commit 375fdd5c06be276b0ff0ad589c0e22b809339fe9
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 16:27:04 2013 +0200
move to MSVC v1600 as it still breaks on VS 2010
commit bfcaf72071e9d8df1d0ce0c5f05b69acd51bf698
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:57:35 2013 +0200
WIN32: avoid addrinfo redef
commit 18504c3e50b11e66a0b573c7cb3d61094bfa5b52
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:54:38 2013 +0200
WIN32: fseek/ftell
commit f9a4fdccc5ab1c74c64412fb76da7dfd161787b2
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:13:01 2013 +0200
fix WIN32 error redefs in net.h (isc ad lwres libs)
3535. [func] Add support for setting Differentiated Services Code
Point (DSCP) values in named. Most configuration
options which take a "port" option (e.g.,
listen-on, forwarders, also-notify, masters,
notify-source, etc) can now also take a "dscp"
option specifying a code point for use with
outgoing traffic, if supported by the underlying
OS. [RT #27596]
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284]
