regen master

c4dbad7b · Tinderbox User · e66aaccf · c4dbad7b · c4dbad7b · c4dbad7b
Commit c4dbad7b authored Feb 21, 2017 by Tinderbox User
Showing with 337 additions and 301 deletions

doc/arm/Bv9ARM.ch06.html doc/arm/Bv9ARM.ch06.html +309 -299

doc/arm/Bv9ARM.ch09.html doc/arm/Bv9ARM.ch09.html +13 -0

doc/arm/notes.html doc/arm/notes.html +13 -0

doc/misc/options doc/misc/options +2 -2

No files found.
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -278,6 +278,19 @@
    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
+	  The Response Policy Zone (RPZ) implementation has been
+	  substantially refactored: updates to the RPZ summary
+	  database are no longer directly performed by the zone
+	  database but by a separate function that is called when
+	  a policy zone is updated.  This improves both performance
+	  and reliability when policy zones receive frequent updates.
+	  Summary database updates can be rate-limited by using the
+	  <span class="command"><strong>min-update-interval</strong></span> option in a
+	  <span class="command"><strong>response-policy</strong></span> statement. [RT #43449]
+	</p>
+      </li>
+<li class="listitem">
+        <p>
 	  <span class="command"><strong>dnstap</strong></span> now stores both the local and remote
 	  addresses for all messages, instead of only the remote address.
 	  The default output format for <span class="command"><strong>dnstap-read</strong></span> has

--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -241,6 +241,19 @@
    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
+	  The Response Policy Zone (RPZ) implementation has been
+	  substantially refactored: updates to the RPZ summary
+	  database are no longer directly performed by the zone
+	  database but by a separate function that is called when
+	  a policy zone is updated.  This improves both performance
+	  and reliability when policy zones receive frequent updates.
+	  Summary database updates can be rate-limited by using the
+	  <span class="command"><strong>min-update-interval</strong></span> option in a
+	  <span class="command"><strong>response-policy</strong></span> statement. [RT #43449]
+	</p>
+      </li>
+<li class="listitem">
+        <p>
 	  <span class="command"><strong>dnstap</strong></span> now stores both the local and remote
 	  addresses for all messages, instead of only the remote address.
 	  The default output format for <span class="command"><strong>dnstap-read</strong></span> has

--- a/doc/misc/options
+++ b/doc/misc/options
@@ -303,7 +303,7 @@ options {
            <integer>;
        response-policy { zone <quoted_string> [ log <boolean> ] [
            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
-            policy ( cname | disabled | drop | given | no-op | nodata | 
+            policy ( cname | disabled | drop | given | no-op | nodata |
            nxdomain | passthru | tcp-only <quoted_string> ) ] [
            recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [
            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
@@ -613,7 +613,7 @@ view <string> [ <class> ] {
        response-policy { zone <quoted_string> [ log <boolean> ] [
            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
            policy ( cname | disabled | drop | given | no-op | nodata |
-            nxdomain | passthru | tcp-only | <quoted_string> ) ] [
+            nxdomain | passthru | tcp-only <quoted_string> ) ] [
            recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [
            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
            min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [