1581. [func] Disable DNSSEC support by default. To enable
DNSSEC specify "enable-dnssec yes;" in named.conf.
1565. [bug] CD flag should be copied to outgoing queries unless
the query is under a secure entry point in which case
CD should be set.
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
1541. [func] NSEC now uses new bitmap format.
1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
length of the new bitmap.
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
Check return values or cast them to (void), as required by the coding
standards; add exceptions to the coding standards for cases where this is
not desirable
@Add bind9_getaddresses(), a consistent version of the get_address function
from dig/host/nslookup, nsupdate, and rndc. This should make it
easier to have the various programs support multiple addresses for a hostname.
replaced 'List the keys included in the keyset file' by
'The list of keys to be included in the keyset file', as
suggested by <Jason.Fountain@compaq.com>
[RT #1709]
Change isc_entropy_usebestsource() to have saner semantics:
- If an invalid file is specified, an error will be returned instead of the
keyboard being used.
- If no file is specified but a random device is present, the keyboard will
be used if there is an error opening the random device.
- ISC_ENTROPY_KEYBOARDYES indicates that the keyboard should be the
only device used. Otherwise, passing '-r keyboard' is meaningless
on a machine with a random device, since the keyboard will not be used.
Change the callers in the dnssec tools and rndc-confgen to check for the
special file "keyboard" and call isc_entropy_usebestsource() with the right set
of parameters.
used because of the lack of a suitable random device
was not being printed.
wantkeyboard was always being set to true just before setting up the keyboard
callback, rather than only being set to true if PATH_RANDOMDEV was undefined
or not able to be opened.
