1581. [func] Disable DNSSEC support by default. To enable
DNSSEC specify "enable-dnssec yes;" in named.conf.
1565. [bug] CD flag should be copied to outgoing queries unless
the query is under a secure entry point in which case
CD should be set.
1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
child zones for which we don't have a supported
algorithm. Such child zones are treated as unsigned.
1557. [func] Implement missing DNSSEC tests for
* NOQNAME proof with wildcard answers.
* NOWILDARD proof with NXDOMAIN.
Cache and return NOQNAME with wildcard answers.
1541. [func] NSEC now uses new bitmap format.
1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
length of the new bitmap.
1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
memmove unconditionally since any reasonable implementation of
memmove will perform such a choice internally, and also doing it
in the caller duplicates the effort.
sucky in the past couple of months. The nerve.
Anyway, dns_name_split now correctly compacts the preceding bitstring label
(if any) when a maximal bitstring is split.
It also correctly creates the suffix when a maximal bitstring is split.
It was doing this incorrectly before, independent of the compaction issue.
labels, zeroing a few of the least signficant bits in
the prefix part. When such an improperly created
prefix was returned to the RBT database, the bogus
label was dutifully stored, corrupting the tree.
[RT #369]
Also made dns_name_split() REQUIRE that suffixlabels always be greater than 0,
even when splitting a bitstring label (it already required this when not
splitting a bitstring label). This is consistent with the way dns_name_split()
was called to split a name that consisted of a single label, a bitstring;
the appropriate suffixlabels value is 1 in such cases.
Also a fixed minor style error, and a confusing comment.
hidden behind #ifdef's, since no OPT code number has yet to be assigned
by the IANA. They are also not quite complete in all regards; VIEW
options are understood and ignored. ZONE options are understood and
acted upon, though some of the error cases aren't quite right.
Remove doubled isc_mem_stats in dighost.c
Update todo list.
Change literal 255's to DNS_NAME_MAXWIRE in name.c
that is simpler, faster, and produces a much more even distribution,
particularly when the data to hash ends with a null byte like domain
names often do
