upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-25 19:04:57 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
21816 commits 18 branches 854 tags 440 MiB
Commit graph

1767 commits

Author SHA1 Message Date
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
2cf1d5b098 update copyright notice 2014-01-12 23:46:23 +00:00
Mark Andrews
fb756ba304 3703. [func] Prefetch about to expire records if they are queried 
for, see prefetch option for details. [RT #35041]
 2014-01-12 21:29:15 +11:00
Tinderbox User
ca8ad4871e update copyright notice 2014-01-06 23:46:06 +00:00
Jeremy C. Reed
c55b7dce48 See ticket 35140 for details. 
Install some include files:

dns/client.h
dns/tsec.h
irs/resconf.h
irs/types.h
(I noticed these when building DHCP using installed BIND9.)

This was okayed during the 2014-01-02 BIND9 phone meeting.
 2014-01-06 14:20:31 -06:00
Tinderbox User
de77dcc2c1 update copyright notice 2013-12-11 23:47:38 +00:00
Evan Hunt
0bbe3273a2 [master] dnssec-signzone -Q 
3686.	[func]		"dnssec-signzone -Q" drops signatures from keys
			that are still published but no longer active.
			[RT #34990]
 2013-12-11 13:25:21 -08:00
Mark Andrews
2bdfb330af update copyrights 2013-12-05 15:04:53 +11:00
Mark Andrews
c3c8823fed 3681. [port] Update the Windows build system to support feature 
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]
 2013-12-04 12:47:23 +11:00
Tinderbox User
c0de084bbd update copyright notice 2013-11-13 23:46:31 +00:00
Evan Hunt
0618287859 [master] allow setting local addr in dns_client 
3672.	[func]		Local address can now be specified when using
			dns_client API. [RT #34811]
 2013-11-13 10:52:22 -08:00
Tinderbox User
0e17b4207e update copyright notice 2013-09-23 23:46:20 +00:00
Mark Andrews
9084a3e58f silence clang warning 2013-09-23 13:26:33 +10:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Evan Hunt
8e3b246dc8 [master] remove "resign" member from dns_diff struct 
no longer needed since change #3641
 2013-09-04 16:35:11 -07:00
Evan Hunt
79e6f6e519 [master] deprecate dns_journal_rollforward2 
no longer needed since change #3641
 2013-09-04 16:19:52 -07:00
Mark Andrews
3ad8f24ddd 3644. [protocol] Check that EDNS subnet client options are well formed. 
[RT #34718]
 2013-09-05 09:18:59 +10:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Mark Andrews
d6f99498d6 3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used 
in a key zone. [RT #34238]
 2013-09-04 13:14:06 +10:00
Tinderbox User
377b774598 update copyright notice 2013-08-15 23:46:17 +00:00
Mark Andrews
7ace327795 3632. [bug] Signature from newly inactive keys were not being 
removed.  [RT #32178]
 2013-08-15 10:48:05 +10:00
Tinderbox User
21c8938824 update copyright notice 2013-08-12 23:46:05 +00:00
Mark Andrews
75ae74f8fd 3629. [func] Allow the printing of cryptographic fields in DNSSEC 
records by dig to be suppressed (dig +nocrypto).
                        [RT #34534]
 2013-08-12 15:37:51 +10:00
Mark Andrews
df0892aea6 3627. [bug] RPZ changes were not effective on slaves. [RT #34450] 2013-08-09 13:23:01 +10:00
Evan Hunt
d640b4a0ab [master] perf: eliminate cache stats attach/detach 
3622.	[tuning]	Eliminate an unnecessary lock when incrementing
			cache statistics. [RT #34339]
 2013-07-25 10:51:31 -07:00
Evan Hunt
421d4a0647 [master] rpz work 
3620.	[func]		Added "rpz-client-ip" policy triggers, enabling
			RPZ responses to be configured on the basis of
			the client IP address; this can be used, for
			example, to blacklist misbehaving recursive
			or stub resolvers. [RT #33605]

3619.	[bug]		Fixed a bug in RPZ with "recursive-only no;"
			[RT #33776]
 2013-07-12 14:46:47 -07:00
Evan Hunt
9d4ec6d2c5 [master] "flushtree -all" no longer optional 
Updated CHANGES note:
3606.	[func]		"rndc flushtree" now flushes matching
			records in the address database and bad cache
                        as well as the DNS cache. (Previously only the
                        DNS cache was flushed.) [RT #33970]
 2013-06-30 18:53:48 -07:00
Evan Hunt
9fa5a723e1 [master] "rndc flushtree -all <name>" 
3606.	[func]		"rndc flushtree -all" flushes matching
			records in the ADB and bad cache as well as
			the DNS cache.  (Without the "-all" option,
			flushtree will still only flush records from
			the DNS cache.) [RT #33970]
 2013-06-26 14:59:32 -07:00
Evan Hunt
31707708c5 [master] portability fixes for map files 
3598.	[cleanup]	Improved portability of map file code. [RT #33820]
 2013-06-17 09:09:43 -07:00
Evan Hunt
b7e40659ef [master] rebuild resigning heaps when loading map files 
3597.	[bug]		Ensure automatic-resigning heaps are reconstructed
			when loading zones in map format. [RT #33381]
 2013-06-14 10:16:10 -07:00
Mark Andrews
8e15d5eb3a 3593. [func] Update EDNS processing to better track remote server 
capabilities. [RT #30655]
 2013-06-12 11:31:30 +10:00
Evan Hunt
e59937c728 [rt33746] use CRC64 for map file error detection 
3591.	[func]		Use CRC-64 to detect map file corruption at load
			time. [RT #33746]
 2013-06-10 14:19:22 -07:00
Tinderbox User
180c8cf5fa update copyright notice 2013-05-07 23:46:05 +00:00
Evan Hunt
127a4a90b0 [master] more map file sanity checks 
(not adding a new CHANGES note because this is an extension of the
previous one, change #3570.)
 2013-05-07 13:54:58 -07:00
Evan Hunt
d9f0c713fe [master] handle corrupted pointers in map files 
3570.	[bug]		Check internal pointers are valid when loading map
                        files. [RT #33403]
 2013-05-06 15:40:40 -07:00
Tinderbox User
52d3ce3ada update copyright notice 2013-05-02 23:46:13 +00:00
Evan Hunt
03b5d2689d [master] add hash to map files 
3562.	[func]		Update map file header format to include a SHA-1 hash
			of the database content, so that corrupted map files
			can be rejected at load time. [RT #32459]
 2013-05-01 22:20:02 -07:00
Mark Andrews
26bb3b7a67 3559. [func] Check that both forms of Sender Policy Framework 
records exist or do not exist. [RT #33355]
 2013-04-30 13:49:41 +10:00
Evan Hunt
ff5ac6d421 [master] address two more possible acache asserts 
3555.	[bug]		Address theoretical race conditions in acache.c
			(change #3553 was incomplete). [RT #33252]
 2013-04-25 18:02:52 -07:00
Evan Hunt
a6d43d18b1 [master] fixed several RRL issues 
3554.	[bug]		RRL failed to correctly rate-limit upward
			referrals and failed to count dropped error
			responses in the statistics. [RT #33225]
 2013-04-25 14:42:44 -07:00
Tinderbox User
12253af346 update copyright notice 2013-04-10 23:46:01 +00:00
Evan Hunt
b99bfa184b [master] unify internal and export libraries 
3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
 2013-04-10 13:49:57 -07:00
Tinderbox User
526cc7c2c0 update copyright notice 2013-04-09 23:46:07 +00:00
Mark Andrews
4adf97c32f 3548. [bug] The NSID request code in resolver.c was broken 
resulting in invalid EDNS options being sent.
                        [RT #33153]
 2013-04-08 16:29:26 +10:00
Mark Andrews
3a6d62c59f 3546. [func] Add EUI48 and EUI64 types. [RT #33082] 2013-04-05 09:07:28 +11:00
Evan Hunt
73b3019760 [master] address windows build warnings 2013-03-28 15:37:47 -07:00
Tinderbox User
313b0ea9f2 update copyright notice 2013-03-23 23:46:06 +00:00
Tinderbox User
1e9f7a42bc update copyright notice 2013-03-22 23:46:17 +00:00
Evan Hunt
67adc03ef8 [master] add DSCP support 
3535.	[func]		Add support for setting Differentiated Services Code
			Point (DSCP) values in named.  Most configuration
			options which take a "port" option (e.g.,
			listen-on, forwarders, also-notify, masters,
			notify-source, etc) can now also take a "dscp"
			option specifying a code point for use with
			outgoing traffic, if supported by the underlying
			OS. [RT #27596]
 2013-03-22 14:05:33 -07:00
Evan Hunt
feb067b25a [master] add JSON statistics channel 
3524.	[func]		Added an alternate statistics channel in JSON format,
			when the server is built with the json-c library:
			http://[address]:[port]/json.  [RT #32630]
 2013-03-13 14:24:50 -07:00