1581. [func] Disable DNSSEC support by default. To enable
DNSSEC specify "enable-dnssec yes;" in named.conf.
1565. [bug] CD flag should be copied to outgoing queries unless
the query is under a secure entry point in which case
CD should be set.
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
1541. [func] NSEC now uses new bitmap format.
1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
length of the new bitmap.
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
*warning messages generated by dns_master_load* should not print
dns_master_load, since it violates the "don't print function names in
error messages" rule.
*When printing a warning about a value not being a valid decimal dotted
quad, it seems excessive to print "warning" when the message is already logged
at log level WARNING by the warn() callback.
*We could select on a closed file descriptor.
Check return values or cast them to (void), as required by the coding
standards; add exceptions to the coding standards for cases where this is
not desirable
'magic' was not being declared consistantly.
some #include <isc/magic.h> were missing from other include files.
NS_SERVER_VALID was not using ISC_MAGIC_VALID.
an SOA record without an explicit TTL field and
lacking a $TTL directive, by using the SOA MINTTL
as a default TTL. This is for backwards compatibility
with old versions of BIND 8, which accepted such
files without warning although they are illegal
according to RFC1035.
ictx->drop is inherited when a include file is pushed.
NOTE: it is *not* restored when the include file is subsequently popped as
the current owner is restored to the state it was before the file
was pushed.
we missed setting source & line after one successful pushfile().
