Prevent TCP failures from affecting EDNS stats

See merge request !2501

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

EDNS mechanisms only apply to DNS over UDP.  Thus, errors encountered
while sending DNS queries over TCP must not influence EDNS timeout
statistics.

Prevent query loops for misbehaving servers

See merge request !2500

If a TCP connection fails while attempting to send a query to a server,
the fetch context will be restarted without marking the target server as
a bad one.  If this happens for a server which:

  - was already marked with the DNS_FETCHOPT_EDNS512 flag,
  - responds to EDNS queries with the UDP payload size set to 512 bytes,
  - does not send response packets larger than 512 bytes,

and the response for the query being sent is larger than 512 byes, then
named will pointlessly alternate between sending UDP queries with EDNS
UDP payload size set to 512 bytes (which are responded to with truncated
answers) and TCP connections until the fetch context retry limit is
reached.  Prevent such query loops by marking the server as bad for a
given fetch context if the advertised EDNS UDP payload size for that
server gets reduced to 512 bytes and it is impossible to reach it using
TCP.

Add a CHANGES placeholder

See merge request !2502

See [GL !2476].

Merge branch '1288-log-dns_r_unchanged-from-sync_secure_journal-at-info-level-in-receive_secure_serial' into 'master'

Resolve "Log DNS_R_UNCHANGED from sync_secure_journal at info level in receive_secure_serial."

Closes #1288

See merge request !2490

Fix hang in `named-compilezone | head`

See merge request !2481

Tony Finch authored Oct 22, 2019 and Ondřej Surý committed Oct 29, 2019

I was truncating zone files for experimental purposes when I found
that `named-compilezone | head` got stuck. The full command line that
exhibited the problem was:

	dig axfr dotat.at |
	named-compilezone -o /dev/stdout dotat.at /dev/stdin |
	head

This requires a large enough zone to exhibit the problem, more than
about 70000 bytes of plain text output from named-compilezone.
I was running the command on Debian Stretch amd64.

This was puzzling since it looked like something was suppressing the
SIGPIPE. I used `strace` to examine what was happening at the hang.
The program was just calling write() a lot to print the zone file, and
the last write() hanged until I sent it a SIGINT.

During some discussion with friends, Ian Jackson guessed that opening
/dev/stdout O_RDRW might be the problem, and after some tests we found
that this does in fact suppress SIGPIPE.

Since `named-compilezone` only needs to write to its output file, the
fix is to omit the stdio "+" update flag.

placeholder.

See merge request !2495

Update the list of supported and unsupported PLATFORMS for BIND 9.15

See merge request !2486

Disable synth-from-dnssec by default

See merge request !2491

It was found that NSEC Aggressive Caching has a significant performance impact
on BIND 9 when used as recursor.  This commit disables the synth-from-dnssec
configuration option by default to provide immediate remedy for people running
BIND 9.12+.  The NSEC Aggressive Cache will be enabled again after a proper fix
will be prepared.

Revamp the release checklist

See merge request !2488

Make the release checklist match the current release process better by
adding missing steps, rearranging existing ones, reassigning
responsibilities, and dividing the list into sections (by due date).

Add CentOS 8 to GitLab CI

See merge request !2489

Ensure BIND can be tested on CentOS 8 in GitLab CI to more quickly catch
build and test errors on that operating system.

"dnskey-sig-validity 0;" was not accepted

Closes #876

See merge request !2484

placeholder

See merge request !2485

Update the coding style to reflect the year 2019 and C99/C11 standard

Closes #5

See merge request !2148

Resolve "dnstap per view configuration"

Closes #1281

See merge request !2477

Address cppcheck 1.89 warnings

See merge request !2472