GitLab

If named is configured to perform DNSSEC validation and also forwards
all queries ("forward only;") to validating resolvers, negative trust
anchors do not work properly because the CD bit is not set in queries
sent to the forwarders.  As a result, instead of retrieving bogus DNSSEC
material and making validation decisions based on its configuration,
named is only receiving SERVFAIL responses to queries for bogus data.
Fix by ensuring the CD bit is always set in queries sent to forwarders
if the query name is covered by an NTA.

- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
  advantage of parallelization in the gitlab CI process

4056.	[bug]		Expanded automatic testing of trust anchor
			management and fixed several small bugs including
			a memory leak and a possible loss of key state
			information. [RT #38458]

4055.	[func]		"rndc managed-keys" can be used to check status
			of trust anchors or to force keys to be refreshed,
			Also, the managed keys data file has easier-to-read
			comments.  [RT #38458]

                        validation.  default dnssec-validation no; to
                        be changed to yes in 9.5.0.  [RT #15674]

enable-dnssec -> dnssec-enable

                        running tests. [RT #9091]

                        DNSSEC specify "enable-dnssec yes;" in named.conf.

files, so that tests succeed while transfer-source is still being (ab)used as
the notify source address

own CVS tree will help minimize CVS conflicts.  Maybe not.
Blame Graff for getting me to trim all trailing whitespace.

sockets and causing failures on some platforms

Fix out output

- Added an insecure child of a secure parent (insecure.secure.example)
- Added a privately secure child of a secure parent (private.secure.example)