1. 18 Nov, 2014 1 commit
  2. 15 Nov, 2014 2 commits
  3. 14 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] allow arbitrary-size rndc output · e32d354f
      Evan Hunt authored
      4005.	[func]		The buffer used for returning text from rndc
      			commands is now dynamically resizable, allowing
      			arbitrarily large amounts of text to be sent back
      			to the client. (Prior to this change, it was
      			possible for the output of "rndc tsig-list" to be
      			truncated.) [RT #37731]
      e32d354f
  4. 06 Nov, 2014 1 commit
  5. 05 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] new mkeys and nzf naming format · ce96d432
      Evan Hunt authored
      3999.	[func]		"mkeys" and "nzf" files are now named after
      			their corresponding views, unless the view name
      			contains characters that would be incompatible
      			with use in a filename (i.e., slash, backslash,
      			or capital letters). If a view name does contain
      			these characters, the files will still be named
      			using a cryptographic hash of the view name.
      			Regardless of this, if a file using the old name
      			format is found to exist, it will continue to be
      			used. [RT #37704]
      ce96d432
  6. 21 Oct, 2014 1 commit
  7. 17 Oct, 2014 1 commit
  8. 02 Oct, 2014 2 commits
  9. 29 Sep, 2014 1 commit
  10. 10 Sep, 2014 1 commit
  11. 04 Sep, 2014 2 commits
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019
    • Evan Hunt's avatar
      [master] [rt37069] update NTA limit to a week · 3d066288
      Evan Hunt authored
      3940.	[func]		"rndc nta" now allows negative trust anchors to be
      			set for up to one week. [RT #37069]
      3d066288
  12. 30 Aug, 2014 1 commit
  13. 29 Aug, 2014 1 commit
    • Evan Hunt's avatar
      [master] ECS authoritative support · d46855ca
      Evan Hunt authored
      3936.	[func]		Added authoritative support for the EDNS Client
      			Subnet (ECS) option.
      
      			ACLs can now include "ecs" elements which specify
      			an address or network prefix; if an ECS option is
      			included in a DNS query, then the address encoded
      			in the option will be matched against "ecs" ACL
      			elements.
      
      			Also, if an ECS address is included in a query,
      			then it will be used instead of the client source
      			address when matching "geoip" ACL elements.  This
      			behavior can be overridden with "geoip-use-ecs no;".
      
      			When "ecs" or "geoip" ACL elements are used to
      			select a view for a query, the response will include
      			an ECS option to indicate which client network the
      			answer is valid for.
      
      			(Thanks to Vincent Bernat.) [RT #36781]
      d46855ca
  14. 26 Aug, 2014 2 commits
  15. 23 Aug, 2014 1 commit
  16. 22 Aug, 2014 1 commit
  17. 18 Aug, 2014 1 commit
  18. 06 Aug, 2014 1 commit
  19. 02 Aug, 2014 1 commit
  20. 30 Jul, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete change #3882 · a5e2e389
      Evan Hunt authored
      Parse arguments to "rndc nta" so they can be either
      long or shortened (i.e., both "-dump" and "-d" will work).
      a5e2e389
  21. 25 Jun, 2014 1 commit
  22. 19 Jun, 2014 1 commit
  23. 18 Jun, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323
  24. 30 May, 2014 2 commits
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
      0cfb2473
    • Mark Andrews's avatar
      fa6308bd
  25. 15 May, 2014 1 commit
  26. 26 Apr, 2014 1 commit
  27. 04 Apr, 2014 1 commit
  28. 13 Mar, 2014 1 commit
  29. 12 Mar, 2014 3 commits
  30. 11 Mar, 2014 1 commit
    • Evan Hunt's avatar
      [master] auto-generate salt · 62258ada
      Evan Hunt authored
      3781.	[func]		Specifying "auto" as the salt when using
      			"rndc signing -nsec3param" causes named to
      			generate a 64-bit salt at random. [RT #35322]
      62258ada
  31. 07 Mar, 2014 1 commit
  32. 01 Mar, 2014 1 commit
  33. 23 Feb, 2014 1 commit