1. 22 Mar, 2013 1 commit
    • Evan Hunt's avatar
      [master] add DSCP support · 67adc03e
      Evan Hunt authored
      3535.	[func]		Add support for setting Differentiated Services Code
      			Point (DSCP) values in named.  Most configuration
      			options which take a "port" option (e.g.,
      			listen-on, forwarders, also-notify, masters,
      			notify-source, etc) can now also take a "dscp"
      			option specifying a code point for use with
      			outgoing traffic, if supported by the underlying
      			OS. [RT #27596]
      67adc03e
  2. 20 Mar, 2013 1 commit
  3. 27 Feb, 2013 2 commits
  4. 25 Feb, 2013 1 commit
    • Evan Hunt's avatar
      [master] DNS RRL · 55e5c51e
      Evan Hunt authored
      3494.	[func]		DNS RRL: Blunt the impact of DNS reflection and
      			amplification attacks by rate-limiting substantially-
      			identical responses. [RT #28130]
      55e5c51e
  5. 08 Dec, 2012 1 commit
    • Mark Andrews's avatar
      3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise · 6f7abb89
      Mark Andrews authored
                              buffers with constant data. [RT #32064]
      
      Squashed commit of the following:
      
      commit 3433b96bf11f8c90ccbe412f01d02a6d8bbc2d33
      Author: Mark Andrews <marka@isc.org>
      Date:   Sat Dec 8 12:41:16 2012 +1100
      
          isc_buffer_init -> isc_buffer_constinit
      
      commit c22dbcc1122a0a44f7b46068e0ccbc25353a57d5
      Author: Mark Andrews <marka@isc.org>
      Date:   Sat Dec 8 12:38:39 2012 +1100
      
          isc_buffer_init -> isc_buffer_constinit
      
      commit 900820416c45c1887d0d22d7a010df60a903bd56
      Author: Mark Andrews <marka@isc.org>
      Date:   Sat Dec 8 12:24:19 2012 +1100
      
          remove isc_buffer_reconstinit
      
      commit f815711c17b05f9961786a90b9bae902d3c01494
      Author: Mark Andrews <marka@isc.org>
      Date:   Wed Dec 5 15:42:57 2012 +1100
      
          add isc_buffer_constinit
      6f7abb89
  6. 26 Sep, 2012 1 commit
  7. 14 Jun, 2012 1 commit
  8. 08 Jun, 2012 1 commit
  9. 14 May, 2012 1 commit
    • Evan Hunt's avatar
      merged filter-aaaa-on-v6 (ATT SoW) · d878b8d8
      Evan Hunt authored
      3327.	[func]		Added 'filter-aaaa-on-v6' option; this is similar
      			to 'filter-aaaa-on-v4' but applies to IPv6
      			connections.  (Use "configure --enable-filter-aaaa"
      			to enable this option.)  [RT #27308]
      d878b8d8
  10. 06 Jan, 2012 2 commits
  11. 30 Aug, 2011 2 commits
  12. 01 Jul, 2011 1 commit
  13. 23 May, 2011 1 commit
  14. 29 Apr, 2011 1 commit
    • Evan Hunt's avatar
      3102. [func] New 'dnssec-loadkeys-interval' option configures · 39f2d1a9
      Evan Hunt authored
      			how often, in minutes, to check the key repository
      			for updates when using automatic key maintenance.
      			Default is every 60 minutes (formerly hard-coded
      			to 12 hours). [RT #23744]
      
      3101.	[bug]		Zones using automatic key maintenance could fail
      			to check the key repository for updates. [RT #23744]
      39f2d1a9
  15. 23 Feb, 2011 1 commit
  16. 03 Feb, 2011 2 commits
  17. 16 Dec, 2010 1 commit
  18. 11 Aug, 2010 1 commit
    • Evan Hunt's avatar
      2936. [func] Improved configuration syntax and multiple-view · cfd26204
      Evan Hunt authored
      			support for addzone/delzone feature (see change
      			#2930).  Removed "new-zone-file" option, replaced
      			with "allow-new-zones (yes|no)".  The new-zone-file
      			for each view is now created automatically, with
      			a filename generated from a hash of the view name.
      			It is no longer necessary to "include" the
      			new-zone-file in named.conf; this happens
      			automatically.  Zones that were not added via
      			"rndc addzone" can no longer be removed with
      			"rndc delzone". [RT #19447]
      cfd26204
  19. 25 Jun, 2010 1 commit
  20. 22 Jun, 2010 2 commits
  21. 14 May, 2010 2 commits
  22. 04 Dec, 2009 1 commit
    • Mark Andrews's avatar
      2801. [func] Detect and report records that are different according · 3d17a3ba
      Mark Andrews authored
                              to DNSSEC but are sematically equal according to plain
                              DNS.  Apply plain DNS comparisons rather than DNSSEC
                              comparisons when processing UPDATE requests.
                              dnssec-signzone now removes such semantically duplicate
                              records prior to signing the RRset.
      
                              named-checkzone -r {ignore|warn|fail} (default warn)
                              named-compilezone -r {ignore|warn|fail} (default warn)
      
                              named.conf: check-dup-records {ignore|warn|fail};
      3d17a3ba
  23. 03 Dec, 2009 1 commit
  24. 26 Oct, 2009 1 commit
  25. 10 Oct, 2009 1 commit
  26. 08 Oct, 2009 1 commit
    • Mark Andrews's avatar
      2708. [func] Insecure to secure and NSEC3 parameter changes via · 28479307
      Mark Andrews authored
                              update are now fully supported and no longer require
                              defines to enable.  We now no longer overload the
                              NSEC3PARAM flag field, nor the NSEC OPT bit at the
                              apex.  Secure to insecure changes are controlled by
                              by the named.conf option 'secure-to-insecure'.
      
                              Warning: If you had previously enabled support by
                              adding defines at compile time to BIND 9.6 you should
                              ensure that all changes that are in progress have
                              completed prior to upgrading to BIND 9.7.  BIND 9.7
                              is not backwards compatible.
      28479307
  27. 01 Sep, 2009 2 commits
  28. 14 Jul, 2009 1 commit
  29. 30 Jun, 2009 1 commit
  30. 10 Jun, 2009 1 commit
    • Evan Hunt's avatar
      2609. [func] Simplify the configuration of dynamic zones: · 351b6253
      Evan Hunt authored
      			- add ddns-confgen command to generate
      			  configuration text for named.conf
      			- add zone option "ddns-autoconf yes;", which
      			  causes named to generate a TSIG session key
      			  and allow updates to the zone using that key
      			- add '-l' (localhost) option to nsupdate, which
      			  causes nsupdate to connect to a locally-running
      			  named process using the session key generated
      			  by named
      			[RT #19284]
      351b6253
  31. 16 Mar, 2009 1 commit
  32. 05 Mar, 2009 1 commit
  33. 04 Mar, 2009 1 commit
    • Evan Hunt's avatar
      2572. [func] Simplify DLV configuration, with a new option · 3a304939
      Evan Hunt authored
      			"dnssec-lookaside auto;"  This is the equivalent
      			of "dnssec-lookaside . trust-anchor dlv.isc.org;"
      			plus setting a trusted-key for dlv.isc.org.
      
      			Note: The trusted key is hard-coded into named,
      			but is also stored in (and can be overridden
      			by) $sysconfdir/bind.keys.  As the ISC DLV key
      			rolls over it can be kept up to date by replacing
      			the bind.keys file with a key downloaded from
      			https://www.isc.org/solutions/dlv. [RT #18685]
      3a304939