1. 08 Jun, 2018 1 commit
  2. 04 Jun, 2018 1 commit
  3. 14 Mar, 2018 1 commit
  4. 03 Oct, 2017 1 commit
    • Evan Hunt's avatar
      [v9_11] de-DLV · d5bd8bb7
      Evan Hunt authored
      4749.	[func]		The ISC DLV service has been shut down, and all
      			DLV records have been removed from dlv.isc.org.
      			- Removed references to ISC DLV in documentation
      			- Removed DLV key from bind.keys
      			- No longer use ISC DLV by default in delv
      			[RT #46155]
      d5bd8bb7
  5. 06 Sep, 2017 1 commit
  6. 28 Jul, 2017 1 commit
  7. 21 Jul, 2017 1 commit
  8. 26 Apr, 2017 2 commits
  9. 02 Nov, 2016 1 commit
  10. 11 Oct, 2016 1 commit
  11. 18 Aug, 2016 1 commit
  12. 22 Jul, 2016 1 commit
  13. 27 Jun, 2016 1 commit
  14. 22 Jun, 2016 1 commit
  15. 26 May, 2016 1 commit
  16. 25 May, 2016 2 commits
  17. 15 Dec, 2015 1 commit
  18. 05 Nov, 2015 1 commit
  19. 29 Oct, 2015 1 commit
  20. 17 Oct, 2015 1 commit
  21. 02 Oct, 2015 1 commit
    • Evan Hunt's avatar
      [master] dnstap · b66b333f
      Evan Hunt authored
      4235.	[func]		Added support in named for "dnstap", a fast method of
      			capturing and logging DNS traffic, and a new command
      			"dnstap-read" to read a dnstap log file.  Use
      			"configure --enable-dnstap" to enable this
      			feature (note that this requires libprotobuf-c
      			and libfstrm). See the ARM for configuration details.
      
      			Thanks to Robert Edmonds of Farsight Security.
      			[RT #40211]
      b66b333f
  22. 28 Sep, 2015 2 commits
  23. 12 Aug, 2015 1 commit
    • Mark Andrews's avatar
      Updated CHANGES note to include require-server-cookie: · c631ff56
      Mark Andrews authored
      4152.   [func]          Implement DNS COOKIE option.  This replaces the
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are available: send-cookie,
                              cookie-secret, cookie-algorithm, nocookie-udp-size
                              and require-server-cookie.  The following dig options
                              are available: +[no]cookie[=value] and +[no]badcookie.
                              [RT #39928]
      c631ff56
  24. 12 Jul, 2015 1 commit
  25. 09 Jul, 2015 1 commit
    • Evan Hunt's avatar
      [master] DDoS mitigation features · 1479200a
      Evan Hunt authored
      3938.	[func]		Added quotas to be used in recursive resolvers
      			that are under high query load for names in zones
      			whose authoritative servers are nonresponsive or
      			are experiencing a denial of service attack.
      
      			- "fetches-per-server" limits the number of
      			  simultaneous queries that can be sent to any
      			  single authoritative server.  The configured
      			  value is a starting point; it is automatically
      			  adjusted downward if the server is partially or
      			  completely non-responsive. The algorithm used to
      			  adjust the quota can be configured via the
      			  "fetch-quota-params" option.
      			- "fetches-per-zone" limits the number of
      			  simultaneous queries that can be sent for names
      			  within a single domain.  (Note: Unlike
      			  "fetches-per-server", this value is not
      			  self-tuning.)
      			- New stats counters have been added to count
      			  queries spilled due to these quotas.
      
      			See the ARM for details of these options. [RT #37125]
      1479200a
  26. 05 Jul, 2015 1 commit
    • Mark Andrews's avatar
      4152. [func] Implement DNS COOKIE option. This replaces the · ce67023a
      Mark Andrews authored
                              experimental SIT option of BIND 9.10.  The following
                              named.conf directives are avaliable: send-cookie,
                              cookie-secret, cookie-algorithm and nocookie-udp-size.
                              The following dig options are available:
                              +[no]cookie[=value] and +[no]badcookie.  [RT #39928]
      ce67023a
  27. 22 May, 2015 1 commit
  28. 28 Apr, 2015 1 commit
  29. 03 Mar, 2015 1 commit
    • Evan Hunt's avatar
      [master] add "lock-file" and fix up singleton code · 7ae96d88
      Evan Hunt authored
      4080.	[func]		Completed change #4022, adding a "lock-file" option
      			to named.conf to override the default lock file,
      			in addition to the "named -X <filename>" command
      			line option.  Setting the lock file to "none"
      			using either method disables the check completely.
      			[RT #37908]
      7ae96d88
  30. 21 Jan, 2015 2 commits
  31. 16 Dec, 2014 1 commit
  32. 24 Nov, 2014 1 commit
  33. 19 Nov, 2014 1 commit
  34. 18 Nov, 2014 1 commit
    • Evan Hunt's avatar
      [master] limit recursion depth and iterative queries · 3230429e
      Evan Hunt authored
      4006.	[security]	A flaw in delegation handling could be exploited
      			to put named into an infinite loop.  This has
      			been addressed by placing limits on the number
      			of levels of recursion named will allow (default 7),
      			and the number of iterative queries that it will
      			send (default 50) before terminating a recursive
      			query (CVE-2014-8500).
      
      			The recursion depth limit is configured via the
      			"max-recursion-depth" option.  [RT #35780]
      3230429e
  35. 29 Sep, 2014 1 commit
  36. 04 Sep, 2014 1 commit
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019