1. 05 Sep, 2014 2 commits
  2. 04 Sep, 2014 2 commits
    • Evan Hunt's avatar
      [master] servfail cache · a8783019
      Evan Hunt authored
      3943.	[func]		SERVFAIL responses can now be cached for a
      			limited time (configured by "servfail-ttl",
      			default 10 seconds, limit 30). This can reduce
      			the frequency of retries when an authoritative
      			server is known to be failing, e.g., due to
      			ongoing DNSSEC validation problems. [RT #21347]
      a8783019
    • Evan Hunt's avatar
      [master] [rt37069] update NTA limit to a week · 3d066288
      Evan Hunt authored
      3940.	[func]		"rndc nta" now allows negative trust anchors to be
      			set for up to one week. [RT #37069]
      3d066288
  3. 30 Aug, 2014 2 commits
  4. 29 Aug, 2014 3 commits
    • Mark Andrews's avatar
      #include isc/print.h> · 25c5d8e8
      Mark Andrews authored
      25c5d8e8
    • Evan Hunt's avatar
      [master] add better servfail logging · f5c24a7f
      Evan Hunt authored
      3937.	[func]		Added some debug logging to better indicate the
      			conditions causing SERVFAILs when resolving.
      			[RT #35538]
      f5c24a7f
    • Evan Hunt's avatar
      [master] ECS authoritative support · d46855ca
      Evan Hunt authored
      3936.	[func]		Added authoritative support for the EDNS Client
      			Subnet (ECS) option.
      
      			ACLs can now include "ecs" elements which specify
      			an address or network prefix; if an ECS option is
      			included in a DNS query, then the address encoded
      			in the option will be matched against "ecs" ACL
      			elements.
      
      			Also, if an ECS address is included in a query,
      			then it will be used instead of the client source
      			address when matching "geoip" ACL elements.  This
      			behavior can be overridden with "geoip-use-ecs no;".
      
      			When "ecs" or "geoip" ACL elements are used to
      			select a view for a query, the response will include
      			an ECS option to indicate which client network the
      			answer is valid for.
      
      			(Thanks to Vincent Bernat.) [RT #36781]
      d46855ca
  5. 26 Aug, 2014 2 commits
  6. 23 Aug, 2014 1 commit
  7. 22 Aug, 2014 2 commits
  8. 18 Aug, 2014 2 commits
  9. 06 Aug, 2014 1 commit
  10. 02 Aug, 2014 1 commit
  11. 31 Jul, 2014 2 commits
  12. 30 Jul, 2014 1 commit
    • Evan Hunt's avatar
      [master] complete change #3882 · a5e2e389
      Evan Hunt authored
      Parse arguments to "rndc nta" so they can be either
      long or shortened (i.e., both "-dump" and "-d" will work).
      a5e2e389
  13. 25 Jun, 2014 1 commit
  14. 19 Jun, 2014 3 commits
  15. 18 Jun, 2014 2 commits
    • Evan Hunt's avatar
      [master] complete NTA work · b8a96323
      Evan Hunt authored
      3882.	[func]		By default, negative trust anchors will be tested
      			periodically to see whether data below them can be
      			validated, and if so, they will be allowed to
      			expire early. The "rndc nta -force" option
      			overrides this behvaior.  The default NTA lifetime
      			and the recheck frequency can be configured by the
      			"nta-lifetime" and "nta-recheck" options. [RT #36146]
      b8a96323
    • Mark Andrews's avatar
      3881. [bug] Address memory leak with UPDATE error handling. · f5bb5eb7
      Mark Andrews authored
                              [RT #36303]
      f5bb5eb7
  16. 17 Jun, 2014 1 commit
  17. 16 Jun, 2014 2 commits
  18. 13 Jun, 2014 1 commit
  19. 11 Jun, 2014 1 commit
  20. 10 Jun, 2014 1 commit
  21. 09 Jun, 2014 1 commit
  22. 30 May, 2014 2 commits
    • Evan Hunt's avatar
      [master] rndc nta · 0cfb2473
      Evan Hunt authored
      3867.	[func]		"rndc nta" can now be used to set a temporary
      			negative trust anchor, which disables DNSSEC
      			validation below a specified name for a specified
      			period of time (not exceeding 24 hours).  This
      			can be used when validation for a domain is known
      			to be failing due to a configuration error on
      			the part of the domain owner rather than a
      			spoofing attack. [RT #29358]
      0cfb2473
    • Mark Andrews's avatar
      fa6308bd
  23. 29 May, 2014 2 commits
  24. 28 May, 2014 1 commit
  25. 27 May, 2014 1 commit